Advisory ID:

NFLX-2016-002

Advisory Title:

Heap Overflow in Dynomite yaml configuration parser.

Author:

David Moore / dmoorefo@gmail.com

Scott Behrens / sbehrens@netflix.com

Release Date:

06/06/2016

Application:

Dynomite

Source:

https://github.com/Netflix/dynomite

Severity:

Medium

Overview:

A dynomite admin can make a controlled 6 byte write to memory via a crafted dynomite.yml file resulting in heap corruption and possibly remote code execution and privilege escalation.

Patch:

The master branch contains the fix. The commit can be found here: https://github.com/Netflix/dynomite/commit/93357f74c73648316e65b6676a30355f4c46d09b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

nflx-2016-002.md

nflx-2016-002.md

Advisory ID:

Advisory Title:

Author:

Release Date:

Application:

Source:

Severity:

Overview:

Patch:

Files

nflx-2016-002.md

Latest commit

History

nflx-2016-002.md

File metadata and controls

Advisory ID:

Advisory Title:

Author:

Release Date:

Application:

Source:

Severity:

Overview:

Patch: