ID CVE-2019-10193
Summary A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
References
Vulnerable Configurations
  • cpe:2.3:a:redislabs:redis:5.0:-:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:4.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:4.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta6:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta6:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta7:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta7:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:beta8:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:beta8:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.0:rc6:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2:-:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2:-:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.0:-:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:redislabs:redis:3.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:redislabs:redis:3.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 28-10-2021 - 12:14)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1727668
    title CVE-2019-10193 redis: Stack buffer overflow in HyperLogLog triggered by malicious client
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • comment Module redis:5 is enabled
        oval oval:com.redhat.rhsa:tst:20192002009
      • OR
        • AND
          • comment redis is earlier than 0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
            oval oval:com.redhat.rhsa:tst:20192002001
          • comment redis is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192002002
        • AND
          • comment redis-debugsource is earlier than 0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
            oval oval:com.redhat.rhsa:tst:20192002003
          • comment redis-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192002004
        • AND
          • comment redis-devel is earlier than 0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
            oval oval:com.redhat.rhsa:tst:20192002005
          • comment redis-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192002006
        • AND
          • comment redis-doc is earlier than 0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
            oval oval:com.redhat.rhsa:tst:20192002007
          • comment redis-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192002008
    rhsa
    id RHSA-2019:2002
    released 2019-08-07
    severity Important
    title RHSA-2019:2002: redis:5 security update (Important)
  • rhsa
    id RHSA-2019:1819
rpms
  • rh-redis5-redis-0:5.0.5-1.el7
  • rh-redis5-redis-debuginfo-0:5.0.5-1.el7
  • redis-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
  • redis-debuginfo-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
  • redis-debugsource-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
  • redis-devel-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
  • redis-doc-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
refmap via4
bid 109290
bugtraq 20190712 [SECURITY] [DSA 4480-1] redis security update
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193
debian DSA-4480
gentoo GLSA-201908-04
misc
ubuntu USN-4061-1
Last major update 28-10-2021 - 12:14
Published 11-07-2019 - 19:15
Last modified 28-10-2021 - 12:14
Back to Top