Описание
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 5:4.0.9-1ubuntu0.2 |
| cosmic | ignored | end of life |
| devel | not-affected | 5:5.0.5-1 |
| disco | released | 5:5.0.3-4ubuntu0.1 |
| esm-apps/bionic | released | 5:4.0.9-1ubuntu0.2 |
| esm-apps/xenial | released | 2:3.0.6-1ubuntu0.4 |
| esm-infra-legacy/trusty | not-affected | code not present |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | code not present |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
7.2 High
CVSS3
Связанные уязвимости
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
A heap-buffer overflow vulnerability was found in the Redis hyperloglo ...
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
Уязвимость алгоритма HyperLogLog резидентной системы управления базами данных класса NoSQL Redis, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS2
7.2 High
CVSS3