← Back

CVE-2019-10193

nvd nist
Published: Jul 11, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.

Affected (22)

Show all products
Redislabs: Redis · Redhat: Enterprise Linux, Enterprise Linux Eus, Enterprise Linux Server Aus, Enterprise Linux Server Tus, Openstack · Debian: Debian Linux · Canonical: Ubuntu Linux · Oracle: Communications Operations Monitor
Redislabs
1 product
Redis
Redhat
5 products
Enterprise Linux
Enterprise Linux Eus
Enterprise Linux Server Aus
Enterprise Linux Server Tus
Openstack
Debian
1 product
Debian Linux
Canonical
1 product
Ubuntu Linux
Oracle
1 product
Communications Operations Monitor
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Redislabs
Redis
From 3.0.0 to 3.2.13
Redis
From 4.0.0 to 4.0.14
Redis
From 5.0 to 5.0.4
Configuration B
12 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Redhat
Enterprise Linux Eus
Version 8.1
Enterprise Linux Eus
Version 8.2
Enterprise Linux Eus
Version 8.4
Redhat
Enterprise Linux Server Aus
Version 8.2
Enterprise Linux Server Aus
Version 8.4
Redhat
Enterprise Linux Server Tus
Version 8.2
Enterprise Linux Server Tus
Version 8.4
Redhat
Openstack
Version 10
Openstack
Version 13
Openstack
Version 14
Openstack
Version 9
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 10.0
Debian Linux
Version 9.0
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 18.04
Ubuntu Linux
Version 19.04
Configuration E
2 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Communications Operations Monitor
Version 3.4
Communications Operations Monitor
Version 4.1

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (24)

Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingThird Party Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Release NotesVendor Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.