QwikSec

Security Database

CVE

CWE

Training

CVE-2019-10193

Published: Jul 11, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

7.2

HIGH

Description

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.

Vendor	Product	Versions
Redis Labs	redis	affected `3.x before 3.2.13` affected `4.x before 4.0.14` affected `5.x before 5.0.4`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

vendor-advisory

x_refsource_DEBIAN

20190712 [SECURITY] [DSA 4480-1] redis security update

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_GENTOO

https://www.oracle.com/security-alerts/cpujul2020.html

x_refsource_MISC

https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES

x_refsource_MISC

https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES

x_refsource_MISC

https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.