7.2

CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedislabsRedis Version >= 3.0.0 < 3.2.13
RedislabsRedis Version >= 4.0.0 < 4.0.14
RedislabsRedis Version >= 5.0 < 5.0.4
RedhatOpenstack Version9
RedhatOpenstack Version10
RedhatOpenstack Version13
RedhatOpenstack Version14
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.7% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
secalert@redhat.com 7.2 1.2 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.oracle.com/security-alerts/cpujul2020.html
Patch
Third Party Advisory
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
Vendor Advisory
Release Notes
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
Vendor Advisory
Release Notes
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
Vendor Advisory
Release Notes
https://security.gentoo.org/glsa/201908-04
Third Party Advisory
http://www.securityfocus.com/bid/109290
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2019:1819
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2002
Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/19
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4061-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4480
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193
Third Party Advisory
Issue Tracking