Severity: 9.8 CRITICAL
EPSS: 0.4% (top 42.47%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 6, 2017; latest update May 13, 2022

Description

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
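The description names the bug class (an out-of-bounds array index while loading the cluster configuration) but not the code path. The C below is an added illustration, not Redis source: it models the pattern in which a slot field read from the on-disk cluster config (nodes.conf, where slots appear as "0-5460" or a single number) is used as an index into a per-node slot bitmap, once without a bounds check and once with the range check that closes the hole. CLUSTER_SLOTS is the real Redis cluster slot count; every function and type name and all sample fields are constructed for this example and do not claim to match Redis 4.0.2 line for line.

```c
/* Added illustration for CVE-2017-15047, not Redis source. Models the
 * nodes.conf slot-field handling that clusterLoadConfig performs. Names
 * (node_slots, parse_slot_field, apply_slot_field_*) are assumptions made
 * for this example. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CLUSTER_SLOTS 16384   /* hash slots in a Redis cluster (real value) */

typedef struct {
    unsigned char slots[CLUSTER_SLOTS / 8]; /* one bit per slot */
} node_slots;

/* Parse a decimal integer strictly: the whole string must be consumed. */
static int parse_long_strict(const char *s, long *out) {
    char *end;
    if (*s == '\0') return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0') return -1;
    *out = v;
    return 0;
}

/* Parse "start-stop" or "slot" into [*start, *stop]. Returns 0 on success,
 * -1 on malformed input. Deliberately does NOT range-check the numbers:
 * that is the caller's job, and forgetting it is the bug class at issue. */
static int parse_slot_field(const char *field, long *start, long *stop) {
    char buf[64];
    if (field[0] == '\0' || strlen(field) >= sizeof(buf)) return -1;
    strcpy(buf, field);
    /* search from index 1 so a leading '-' (as in "-5") is a sign, not a range */
    char *dash = strchr(buf + 1, '-');
    if (dash) {
        *dash = '\0';
        if (parse_long_strict(buf, start) || parse_long_strict(dash + 1, stop)) return -1;
    } else {
        if (parse_long_strict(buf, start)) return -1;
        *stop = *start;
    }
    return 0;
}

/* The check that matters: both ends inside 0..CLUSTER_SLOTS-1, ordered. */
static int slot_range_valid(long start, long stop) {
    return start >= 0 && stop >= 0 &&
           start < CLUSTER_SLOTS && stop < CLUSTER_SLOTS &&
           start <= stop;
}

static void set_slot(node_slots *n, long slot) {
    n->slots[slot / 8] |= (unsigned char)(1u << (slot % 8));
}

/* Vulnerable pattern: file-supplied numbers index the bitmap directly.
 * A field such as "0-40000" or "-20" walks outside n->slots, which is the
 * out-of-bounds index the CVE describes. Kept for contrast only; main()
 * calls it with a safe field and nothing else ever should. */
static void apply_slot_field_unchecked(node_slots *n, const char *field) {
    long start, stop;
    if (parse_slot_field(field, &start, &stop)) return;
    for (long s = start; s <= stop; s++) set_slot(n, s);
}

/* Hardened loader: validate the range first. Returns the number of slots
 * set, or -1 if the field is rejected. */
static long apply_slot_field_checked(node_slots *n, const char *field) {
    long start, stop;
    if (parse_slot_field(field, &start, &stop)) return -1;
    if (!slot_range_valid(start, stop)) return -1;
    for (long s = start; s <= stop; s++) set_slot(n, s);
    return stop - start + 1;
}

static long count_slots(const node_slots *n) {
    long c = 0;
    for (long s = 0; s < CLUSTER_SLOTS; s++)
        if (n->slots[s / 8] & (1u << (s % 8))) c++;
    return c;
}

/* Apply one field to a fresh bitmap through the hardened path and return
 * the accepted slot count (-1 rejected, -2 internal mismatch). */
static long check_field(const char *field) {
    node_slots n;
    memset(&n, 0, sizeof(n));
    long r = apply_slot_field_checked(&n, field);
    if (r >= 0 && count_slots(&n) != r) return -2;
    return r;
}

int main(void) {
    /* Constructed sample slot fields, as they would appear on a nodes.conf line. */
    const char *fields[] = { "0-5460", "5461", "16383", "0-16383",
                             "16384", "-1", "5460-0", "1-40000", "12ab" };
    for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
        long r = check_field(fields[i]);
        printf("%-8s -> %s (%ld)\n", fields[i], r < 0 ? "rejected" : "accepted", r);
    }
    node_slots legacy;
    memset(&legacy, 0, sizeof(legacy));
    apply_slot_field_unchecked(&legacy, "0-10");   /* safe input only */
    printf("unchecked loader set %ld slots from a benign field\n", count_slots(&legacy));
    return 0;
}
```

The practitioner-relevant points are the two guards: the range check before any indexing, and strict integer parsing so that trailing garbage or an empty side of a range is refused rather than silently treated as zero. Because the config file is loaded at startup, an attacker only needs write access to that file, not a network path to the server.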

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Caveat: the vector scores this as network-reachable with no privileges (AV:N/PR:N), while the description's "limited access to the machine" points at an attacker who can already modify the node's cluster configuration file on disk, which clusterLoadConfig reads at startup. Weigh the 9.8 against who can write that file in a given deployment.

Affected Packages (2)

Debian: redis < 4:4.0.2-5+3
NVD: redislabs/redis 4.0.2

Patches: none listed on this record

Vulnerability Details (3)

GHSA (2022-05-13): GHSA-68cf-q2m8-cxp4: The clusterLoadConfig function in cluster...
CVEList (2017-10-06): CVE-2017-15047: The clusterLoadConfig function in cluster...
OSV (2017-10-06): CVE-2017-15047: The clusterLoadConfig function in cluster...

Vendor Advisories (2)

Red Hat (2017-08-31): redis: Insufficient input validation in the clusterLoadConfig function
Debian (2017): CVE-2017-15047: redis - The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to c...

Community (3)

Bugzilla (2017-10-06): CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function [fedora-all]
Bugzilla (2017-10-06): CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function [epel-all]
Bugzilla (2017-10-06): CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function