CVE-2019-10193
redis: Stack buffer overflow in HyperLogLog triggered by malicious client
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure de Redis en las versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4. Por la corrupción de un hiperloglog usando el comando SETRANGE, un atacante podría causar que Redis realizara incrementos controlados de hasta 12 bytes más allá del final de un búfer asignado a la pila.
A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By corrupting a HyperLogLog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-03-27 CVE Reserved
- 2019-07-11 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/109290 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193 | Issue Tracking | |
| https://seclists.org/bugtraq/2019/Jul/19 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpujul2020.html | 2021-10-28 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2019:1819 | 2021-10-28 | |
| https://access.redhat.com/errata/RHSA-2019:2002 | 2021-10-28 | |
| https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES | 2021-10-28 | |
| https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES | 2021-10-28 | |
| https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES | 2021-10-28 | |
| https://security.gentoo.org/glsa/201908-04 | 2021-10-28 | |
| https://usn.ubuntu.com/4061-1 | 2021-10-28 | |
| https://www.debian.org/security/2019/dsa-4480 | 2021-10-28 | |
| https://access.redhat.com/security/cve/CVE-2019-10193 | 2019-08-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1727668 | 2019-08-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redislabs Search vendor "Redislabs" | Redis Search vendor "Redislabs" for product "Redis" | >= 3.0.0 < 3.2.13 Search vendor "Redislabs" for product "Redis" and version " >= 3.0.0 < 3.2.13" | - |
Affected
| ||||||
| Redislabs Search vendor "Redislabs" | Redis Search vendor "Redislabs" for product "Redis" | >= 4.0.0 < 4.0.14 Search vendor "Redislabs" for product "Redis" and version " >= 4.0.0 < 4.0.14" | - |
Affected
| ||||||
| Redislabs Search vendor "Redislabs" | Redis Search vendor "Redislabs" for product "Redis" | >= 5.0 < 5.0.4 Search vendor "Redislabs" for product "Redis" and version " >= 5.0 < 5.0.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 9 Search vendor "Redhat" for product "Openstack" and version "9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 10 Search vendor "Redhat" for product "Openstack" and version "10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 13 Search vendor "Redhat" for product "Openstack" and version "13" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 14 Search vendor "Redhat" for product "Openstack" and version "14" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 3.4 Search vendor "Oracle" for product "Communications Operations Monitor" and version "3.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Operations Monitor Search vendor "Oracle" for product "Communications Operations Monitor" | 4.1 Search vendor "Oracle" for product "Communications Operations Monitor" and version "4.1" | - |
Affected
| ||||||