QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-10192

Back to search

CVE-2019-10192

Published: Jul 11, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

7.2

HIGH

Description

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

VendorProductVersions

Redis Labs

redis

affected
3.x before 3.2.13
affected
4.x before 4.0.14
affected
5.x before 5.0.4

Weaknesses (CWE)

CWE-122

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

DSA-4480
vendor-advisory
x_refsource_DEBIAN
USN-4061-1
vendor-advisory
x_refsource_UBUNTU
109290
vdb-entry
x_refsource_BID
RHSA-2019:1819
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1860
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2002
vendor-advisory
x_refsource_REDHAT
GLSA-201908-04
vendor-advisory
x_refsource_GENTOO
RHSA-2019:2508
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2506
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2621
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2630
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now