9.8

CVE-2016-8339

Exploit
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedislabsRedis Version3.2.0
RedislabsRedis Version3.2.1
RedislabsRedis Version3.2.2
RedislabsRedis Version3.2.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.83% 0.963
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com 6.6 0.7 5.9
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/201702-16
Third Party Advisory
http://www.securityfocus.com/bid/93283
Third Party Advisory
VDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0206/
Third Party Advisory
Exploit
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
Patch
Third Party Advisory