Vulnerability CVE-2019-10192


Published: 2019-07-11

Description:
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Redhat
Product: Openstack 
Version:
9.0
14.0
13.0
10
Product: Enterprise linux 
Version: 8.0;
Vendor: Debian
Product: Debian linux 
Version: 9.0; 10.0;
Vendor: Redislabs
Product: Redis 
Version:
5.0.3
5.0.2
5.0.1
5.0
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.13
4.0.12
4.0.11
4.0.10
4.0.1
4.0.0
3.2.9
3.2.8
3.2.7
3.2.6
3.2.5
3.2.4
3.2.3
3.2.2
3.2.12
3.2.11
3.2.10
3.2.1
3.2.0
3.2
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0.0
Vendor: Canonical
Product: Ubuntu linux 
Version:
19.04
18.04
16.04

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/109290
https://access.redhat.com/errata/RHSA-2019:1819
https://access.redhat.com/errata/RHSA-2019:1860
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
https://seclists.org/bugtraq/2019/Jul/19
https://usn.ubuntu.com/4061-1/
https://www.debian.org/security/2019/dsa-4480

Related CVE
CVE-2019-19244
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2012-6639
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
CVE-2019-3466
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVE-2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, rela...
CVE-2015-3166
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have ...
CVE-2015-3167
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via...
CVE-2012-3543
mono 2.10.x ASP.NET Web Form Hash collision DoS
CVE-2019-2201
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. U...

Copyright 2019, cxsecurity.com

 

Back to Top