A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Name | Vendor | Start Version | End Version |
---|---|---|---|
Redis | Redislabs | 3.0.0 (including) | 3.2.13 (excluding) |
Redis | Redislabs | 4.0.0 (including) | 4.0.14 (excluding) |
Redis | Redislabs | 5.0 (including) | 5.0.4 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | redis:5-8000020190711140130.f8e95b4e | * |
Red Hat OpenStack Platform 10.0 (Newton) | RedHat | redis-0:3.0.6-5.el7ost | * |
Red Hat OpenStack Platform 13.0 (Queens) | RedHat | redis-0:3.2.8-4.el7ost | * |
Red Hat OpenStack Platform 14.0 (Rocky) | RedHat | redis-0:3.2.8-4.el7ost | * |
Red Hat OpenStack Platform 9.0 (Mitaka) | RedHat | redis-0:3.0.6-5.el7ost | * |
Red Hat OpenStack Platform 9.0 Operational Tools for RHEL 7 | RedHat | redis-0:3.0.6-5.el7ost | * |
Red Hat Software Collections for Red Hat Enterprise Linux 6 | RedHat | rh-redis32-redis-0:3.2.13-1.el6 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-redis5-redis-0:5.0.5-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-redis32-redis-0:3.2.13-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-redis5-redis-0:5.0.5-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS | RedHat | rh-redis32-redis-0:3.2.13-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-redis5-redis-0:5.0.5-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS | RedHat | rh-redis32-redis-0:3.2.13-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-redis5-redis-0:5.0.5-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-redis32-redis-0:3.2.13-1.el7 | * |
Redis | Ubuntu | bionic | * |
Redis | Ubuntu | cosmic | * |
Redis | Ubuntu | disco | * |
Redis | Ubuntu | trusty | * |
Redis | Ubuntu | upstream | * |
Redis | Ubuntu | xenial | * |
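As an added triage helper (not part of the advisory or of Redis itself), the following script reads the `redis_version` line from the output of the `INFO server` command and decides whether the reported upstream version falls inside the affected ranges listed in the table above. It assumes the upstream version numbering only; the Red Hat and Ubuntu rows are distribution packages that backport fixes, so they need a package-level check instead. The INFO text embedded below is a constructed sample.

```python
import re

# Affected half-open ranges from the advisory table: start inclusive, end exclusive.
AFFECTED_RANGES = [
    ((3, 0, 0), (3, 2, 13)),
    ((4, 0, 0), (4, 0, 14)),
    ((5, 0, 0), (5, 0, 4)),
]


def parse_version(text):
    """Turn '5.0.3' (or '5.0') into a three-part tuple for ordered comparison.

    Non-numeric suffixes such as '-rc1' are ignored, so a release candidate
    compares like the release it precedes (conservative for triage purposes).
    """
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version):
    """True when the upstream version lies inside one of the affected ranges."""
    v = parse_version(version)
    return any(start <= v < end for start, end in AFFECTED_RANGES)


def version_from_info(info_text):
    """Extract the redis_version value from INFO server output."""
    match = re.search(r"^redis_version:(\S+)", info_text, re.MULTILINE)
    if not match:
        raise ValueError("redis_version not found in INFO output")
    return match.group(1)


# Constructed sample of INFO server output (only the relevant lines).
SAMPLE_INFO = "# Server\r\nredis_version:5.0.3\r\nredis_mode:standalone\r\n"

if __name__ == "__main__":
    ver = version_from_info(SAMPLE_INFO)
    print(ver, "affected" if is_affected(ver) else "not affected")
```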