Home

CVE-2019-10192

Description

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Risk Information

Base Score
7.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
21.637

Associated Vulnerability

VulnerabilityOS Platform
Persistent key-value database with network interface (USN-4061-1) redis_4.0.9-1ubuntu0.2_all.debLinux
Persistent key-value database with network interface (USN-4061-1) redis_5.0.3-4ubuntu0.1_all.debLinux
Persistent key-value database with network interface (USN-4061-1) redis-tools_3.0.6-1ubuntu0.4_i386.debLinux
Persistent key-value database with network interface (USN-4061-1) redis-tools_3.0.6-1ubuntu0.4_amd64.debLinux
(RHSA-2019:2002) redis:5 security update redis-5.0.3-2.module+el8.0.0.z+3657+acb471dc.x86_64.rpmLinux
(RHSA-2019:2002) redis:5 security update redis-debugsource-5.0.3-2.module+el8.0.0.z+3657+acb471dc.x86_64.rpmLinux
(RHSA-2019:2002) redis:5 security update redis-devel-5.0.3-2.module+el8.0.0.z+3657+acb471dc.x86_64.rpmLinux
(RHSA-2019:2002) redis:5 security update redis-doc-5.0.3-2.module+el8.0.0.z+3657+acb471dc.noarch.rpmLinux
Redis update (ELSA-2019-2002) redis-5.0.3-2.module+el8.0.0.z+5250+19ca22c8.x86_64.rpmLinux
Redis-devel update (ELSA-2019-2002) redis-devel-5.0.3-2.module+el8.0.0.z+5250+19ca22c8.x86_64.rpmLinux
Redis-doc update (ELSA-2019-2002) redis-doc-5.0.3-2.module+el8.0.0.z+5250+19ca22c8.noarch.rpmLinux
Persistent key-value database with network interface (USN-4061-1) redis-tools_4.0.9-1ubuntu0.2_i386.debLinux
Persistent key-value database with network interface (USN-4061-1) redis-tools_4.0.9-1ubuntu0.2_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234