CVE-2019-10192
Published: 2019-07-11
Severity: high, CVSS 3.1 base score 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
Affected
31 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | redis | < redis 5:5.0.4-1 (bookworm) | redis 5:5.0.4-1 (bookworm) |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | software_collections | — | — |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| OSV | — | 7.2 | HIGH | — |