Vulnerability CVE-2019-10193


Published: 2019-07-11

Description:
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Redhat
Product: Openstack 
Version:
9.0
14.0
13.0
10
Product: Enterprise linux 
Version: 8.0;
Vendor: Debian
Product: Debian linux 
Version: 9.0; 10.0;
Vendor: Redislabs
Product: Redis 
Version:
5.0.3
5.0.2
5.0.1
5.0
4.0.9
4.0.8
4.0.7
4.0.6
4.0.5
4.0.4
4.0.3
4.0.2
4.0.13
4.0.12
4.0.11
4.0.10
4.0.1
4.0.0
3.2.9
3.2.8
3.2.7
3.2.6
3.2.5
3.2.4
3.2.3
3.2.2
3.2.12
3.2.11
3.2.10
3.2.1
3.2.0
3.2
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.1
3.0.0
Vendor: Canonical
Product: Ubuntu linux 
Version:
19.04
18.04
16.04

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/109290
https://access.redhat.com/errata/RHSA-2019:1819
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
https://seclists.org/bugtraq/2019/Jul/19
https://usn.ubuntu.com/4061-1/
https://www.debian.org/security/2019/dsa-4480

Related CVE
CVE-2019-19244
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2019-18676
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurri...
CVE-2019-18679
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits wi...
CVE-2019-15845
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.
CVE-2012-6639
An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.
CVE-2019-3466
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
CVE-2015-1607
kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, rela...
CVE-2015-3166
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have ...

Copyright 2019, cxsecurity.com

 

Back to Top