CVE-2015-8080 – redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow

https://notcve.org/view.php?id=CVE-2015-8080

04 Dec 2015 — Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones a... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html • CWE-190: Integer Overflow or Wraparound •