A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x prior to 3.2.13, 4.x prior to 4.0.14 and 5.x prior to 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
Vulnerable Product |
---|
redislabs redis |
redhat openstack 9 |
redhat openstack 10 |
redhat openstack 13 |
redhat openstack 14 |
redhat software collections 1.0 |
redhat enterprise linux 8.0 |
redhat enterprise linux eus 8.1 |
redhat enterprise linux eus 8.2 |
redhat enterprise linux eus 8.4 |
redhat enterprise linux server aus 8.2 |
redhat enterprise linux server aus 8.4 |
redhat enterprise linux server tus 8.2 |
redhat enterprise linux server tus 8.4 |
debian debian linux 9.0 |
debian debian linux 10.0 |
canonical ubuntu linux 19.04 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 16.04 |
oracle communications operations monitor 3.4 |
oracle communications operations monitor 4.1 |