Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 8.0 | 8.0 |
Debian_linux | Debian | 9.0 | 9.0 |
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | RedHat | redis-0:2.8.24-1.el7ost | * |
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | RedHat | redis-0:2.8.24-1.el7ost | * |
Red Hat Enterprise Linux OpenStack Platform 7.0 Operational Tools for RHEL 7 | RedHat | redis-0:2.8.24-1.el7ost | * |
Redis | Ubuntu | artful | * |
Redis | Ubuntu | precise | * |
Redis | Ubuntu | trusty | * |
Redis | Ubuntu | trusty/esm | * |
Redis | Ubuntu | upstream | * |
Redis | Ubuntu | vivid | * |
Redis | Ubuntu | wily | * |
Redis | Ubuntu | yakkety | * |
Redis | Ubuntu | zesty | * |