| Short Name | APP:CVE-2019-10192-BO |
| Severity | Major |
| Recommended | Yes |
| Recommended Action | Drop |
| Category | APP |
| Keywords | Redis CVE-2019-10192 Heap Buffer Overflow |
| Release Date | 2019/09/13 |
| Update Number | 3207 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Redis CVE-2019-10192 Heap Buffer Overflow
This signature detects attempts to exploit a known vulnerability in the Redis application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Extended Description
A heap buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
Affected Products
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 19.04
- Debian debian_linux 10.0
- Debian debian_linux 9.0
- Redhat enterprise_linux 8.0
- Redhat openstack 10
- Redhat openstack 13.0
- Redhat openstack 14.0
- Redhat openstack 9.0
- Redislabs redis 3.0.0
- Redislabs redis 3.0.1
- Redislabs redis 3.0.2
- Redislabs redis 3.0.3
- Redislabs redis 3.0.4
- Redislabs redis 3.0.5
- Redislabs redis 3.0.6
- Redislabs redis 3.0.7
- Redislabs redis 3.2
- Redislabs redis 3.2.0
- Redislabs redis 3.2.1
- Redislabs redis 3.2.10
- Redislabs redis 3.2.11
- Redislabs redis 3.2.12
- Redislabs redis 3.2.2
- Redislabs redis 3.2.3
- Redislabs redis 3.2.4
- Redislabs redis 3.2.5
- Redislabs redis 3.2.6
- Redislabs redis 3.2.7
- Redislabs redis 3.2.8
- Redislabs redis 3.2.9
- Redislabs redis 4.0.0
- Redislabs redis 4.0.1
- Redislabs redis 4.0.10
- Redislabs redis 4.0.11
- Redislabs redis 4.0.12
- Redislabs redis 4.0.13
- Redislabs redis 4.0.2
- Redislabs redis 4.0.3
- Redislabs redis 4.0.4
- Redislabs redis 4.0.5
- Redislabs redis 4.0.6
- Redislabs redis 4.0.7
- Redislabs redis 4.0.8
- Redislabs redis 4.0.9
- Redislabs redis 5.0
- Redislabs redis 5.0.0
- Redislabs redis 5.0.1
- Redislabs redis 5.0.2
- Redislabs redis 5.0.3