CVE-2016-8339
Published 2016-10-28
Priority P262 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 14.83% · 96.3th percentile
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | redis | < redis 3:3.2.4-1 (bookworm) | redis 3:3.2.4-1 (bookworm) |
| redis | redis | — | — |
| redis | redis | >= 0 < 3:3.2.4-1 | 3:3.2.4-1 |
| redis | redis | >= 0 < 3:3.2.4-1 | 3:3.2.4-1 |
| redis | redis | >= 0 < 3:3.2.4-1 | 3:3.2.4-1 |
| redis | redis | >= 0 < 3:3.2.4-1 | 3:3.2.4-1 |
| redislabs | redis | — | — |
| redislabs | redis | — | — |
| redislabs | redis | — | — |
| redislabs | redis | — | — |
Detection & IOCs
Snort Rule: 40301
- Detect Redis CONFIG SET commands specifying 'master' as the client type in the client-output-buffer-limit option, which is not a valid client class for this option and triggers the OOB write.
- Monitor Redis traffic for crafted CONFIG SET commands targeting the client-output-buffer-limit option as an indicator of exploitation attempts.
- The vulnerability affects Redis 3.2.x prior to 3.2.4 only; versions at or above 3.2.4 are patched.
- The getClientTypeByName function returns values in the set [-1, 3], but the client_obuf_limits array has a declared size of only 3, making the 'master' client type (index 3) an out-of-bounds write target.
- Snort rule 40301 may be updated; always refer to the FireSIGHT Management Center or Snort.org for the most current rule version.
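The detection described in the notes above, as an added example (not code from Talos, Snort or the Redis project): it parses client-to-server RESP traffic and flags CONFIG SET client-output-buffer-limit commands that name a class outside the accepted ones. The function names, the `VALID_CLASSES` set and the sample stream are assumptions constructed for illustration.

```python
# Assumed accepted classes; 'replica' comes from later Redis releases.
VALID_CLASSES = {"normal", "slave", "replica", "pubsub"}
LIMIT = b"client-output-buffer-limit"

def parse_resp_commands(data: bytes):
    """Yield each client command in a RESP byte stream as a list of bytes."""
    pos = 0
    while pos < len(data):
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            return
        line, pos = data[pos:eol], eol + 2
        if not line.startswith(b"*"):           # inline (telnet-style) command
            if line.strip():
                yield line.split()
            continue
        args = []
        try:
            for _ in range(int(line[1:])):      # "*<argc>" array header
                eol = data.find(b"\r\n", pos)
                if eol < 0 or data[pos:pos + 1] != b"$":
                    return                      # truncated or malformed stream
                size = int(data[pos + 1:eol])   # "$<len>" bulk-string header
                args.append(data[eol + 2:eol + 2 + size])
                pos = eol + 2 + size + 2
        except ValueError:                      # non-numeric length field
            return
        yield args

def bad_classes(args):
    """Return the invalid client classes named in one CONFIG SET command."""
    if [a.lower() for a in args[:3]] != [b"config", b"set", LIMIT]:
        return []
    value = b" ".join(args[3:]).decode("latin-1").replace('"', " ").replace("'", " ")
    # The value is a run of "<class> <hard> <soft> <seconds>" groups.
    return [t.lower() for t in value.split()[0::4] if t.lower() not in VALID_CLASSES]

def scan(data: bytes):
    """Return (command_index, invalid_classes) for each flagged command."""
    found = ((i, bad_classes(a)) for i, a in enumerate(parse_resp_commands(data)))
    return [(i, c) for i, c in found if c]

def resp(*args: bytes) -> bytes:                # encoder used only for the sample
    return b"*%d\r\n" % len(args) + b"".join(b"$%d\r\n%s\r\n" % (len(a), a) for a in args)

# Constructed sample traffic, not captured from a real host.
SAMPLE = (resp(b"SET", b"k", b"v")
          + resp(b"CONFIG", b"SET", LIMIT, b"normal 0 0 0 pubsub 33554432 8388608 60")
          + resp(b"CONFIG", b"SET", LIMIT, b"master 0 0 0")
          + b'config set client-output-buffer-limit "MASTER 0 0 0"\r\n')
print(scan(SAMPLE))
```

The match is case-insensitive and covers both the RESP array form and the inline form, so the same check can run over proxy logs or reassembled packet payloads.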
CVSS provenance
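| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 6.6 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |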
Red Hat
redis: OOB write vulnerability in handling of client-output-buffer-limit option during the CONFIG SET command
vendor_redhat·2016-09-30·CVSS 9.8
CVE-2016-8339 [CRITICAL] CWE-787 redis: OOB write vulnerability in handling of client-output-buffer-limit option during the CONFIG SET command
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
Statement: No currently supported version of Red Hat OpenStack Platform or Red Hat Enterprise Linux OpenStack Platform is affected by this flaw.
Package: redis (Red Hat Enterprise Linux OpenStack Platform 6 (Juno)) - Not affected
Package: redis (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)) -
Debian
CVE-2016-8339: redis - A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution ...
vendor_debian·2016·CVSS 9.8
CVE-2016-8339 [CRITICAL] CVE-2016-8339: redis - A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution ...
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
Scope: local
bookworm: resolved (fixed in 3:3.2.4-1)
bullseye: resolved (fixed in 3:3.2.4-1)
forky: resolved (fixed in 3:3.2.4-1)
sid: resolved (fixed in 3:3.2.4-1)
trixie: resolved (fixed in 3:3.2.4-1)
GHSA
GHSA-33p7-cjfg-8vc5: A buffer overflow in Redis 3
ghsa_unreviewed·2022-05-13
CVE-2016-8339 [CRITICAL] CWE-119 GHSA-33p7-cjfg-8vc5: A buffer overflow in Redis 3
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
OSV
CVE-2016-8339: A buffer overflow in Redis 3
osv·2016-10-28·CVSS 9.8
CVE-2016-8339 [CRITICAL] CVE-2016-8339: A buffer overflow in Redis 3
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-8339 redis: OOB write vulnerability in handling of client-output-buffer-limit option during the CONFIG SET command
bugzilla·2016-10-03·CVSS 9.8
CVE-2016-8339 [CRITICAL] CVE-2016-8339 redis: OOB write vulnerability in handling of client-output-buffer-limit option during the CONFIG SET command
An out of bounds write vulnerability was found in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
Upstream patch:
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
External References:
http://www.talosintelligence.com/reports/TALOS-2016-0206/
http://blog.talosintel.com/2016/09/redis-vulnerability.html
Discussion:
Statement:
No currently supported version of Red Hat OpenStack Platform or Red Hat Enterprise Linux OpenStack Platform is affected by this flaw.
Talos
Vulnerability Spotlight: Redis CONFIG SET client-output-buffer-limit Code Execution Vulnerability
blogs_talos·2016-09-30·CVSS 9.8
CVE-2016-8339 [CRITICAL] Vulnerability Spotlight: Redis CONFIG SET client-output-buffer-limit Code Execution Vulnerability
Vulnerability Discovered by Cory Duplantis of Talos
### Overview
Talos is disclosing TALOS-2016-0206/CVE-2016-8339, an out-of-bounds write vulnerability in Redis. Redis is a simple in-memory data structure store using a key-value model. Redis has been growing in popularity due to its ability to handle problems that other databases can't solve or are inherently slow at. This particular vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write, potentially resulting in code execution.
### Details
An out of bounds write vulnerability exists during the modification of the `client-output-buffer-limit` option using the `CONFIG SET` command. The req
http://www.securityfocus.com/bid/93283
http://www.talosintelligence.com/reports/TALOS-2016-0206/
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
https://security.gentoo.org/glsa/201702-16