CVE-2019-10193
published 2019-07-11
high 7.2 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
Affected
30 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | redis | < redis 5:5.0.4-1 (bookworm) | redis 5:5.0.4-1 (bookworm) |
| oracle | communications_operations_monitor | — | — |
| oracle | communications_operations_monitor | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_aus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | enterprise_linux_server_tus | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis | redis | >= 0 < 5:5.0.4-1 | 5:5.0.4-1 |
| redis_labs | redis | — | — |
CVSS provenance
nvd v3.1 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
osv 7.2 HIGH