
exploitDog


CVE-2016-8339

Published: 30 Sep. 2016
Source: redhat
CVSS3: 6.6
CVSS2: 4.6

Description

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

Report

No currently supported version of Red Hat OpenStack Platform or Red Hat Enterprise Linux OpenStack Platform is affected by this flaw.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | redis | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | redis | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | redis | Not affected | | |
| Red Hat Mobile Application Platform On-Premise 4.1.0 | redis | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | redis | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) Operational Tools | redis | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | redis | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | redis | Not affected | | |
| Red Hat OpenStack Platform 9 (Mitaka) | redis | Not affected | | |
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | redis | Not affected | | |


Additional information

Status: Moderate
Defect: CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1381244
redis: OOB write vulnerability in handling of client-output-buffer-limit option during the CONFIG SET command

CVSS3: 6.6 Medium
CVSS2: 4.6 Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 9 years ago

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

CVSS3: 9.8
nvd
more than 9 years ago

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

CVSS3: 9.8
debian
more than 9 years ago

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code ...

CVSS3: 9.8
github
more than 3 years ago

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

suse-cvrf
about 5 years ago

Optional update for python-redis and redis
