Security Alert # 2: VelocyPack Buffer Overflow
The VelocyPack implementation used in ArangoDB can trigger a buffer overflow. In order to exploit this, an attacker needs access to the database port. As a buffer overflow results in undefined behavior the attacker might crash the database server or gain illegal access to data stored in the database.
It is therefore important to upgrade ArangoDB as soon as possible.
Please upgrade to at least:
These versions contain an updated version of the VelocyPack library, which protects against the buffer overflow.
In order to check the version you are using, you can issue a
/usr/sbin/arangod --version | head -1
If you are using a docker container, you can check that your container has been updated by running
docker run -it arangodb/arangodb env arangod --version | head -1