
Test ID: 1.3.6.1.4.1.25623.1.0.813438
Category: Databases
Title: Redis Integer Overflow and Stack-Based Buffer Overflow Vulnerabilities
Summary: Redis is prone to integer overflow and stack-based buffer overflow vulnerabilities.
Description:
Summary:
Redis is prone to integer overflow and stack-based buffer overflow vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- A vulnerability within the 'struct' Lua package shipped with Redis, which
contains an integer overflow due to a failure in a bounds-checking statement.

- A vulnerability within the 'cmsgpack' Lua package shipped with Redis, which
contains stack-based buffer overflows.

Vulnerability Impact:
Successful exploitation will allow an attacker
to cause a denial-of-service condition, crashing the Redis server.

Affected Software/OS:
Redis versions before 3.2.12, 4.x before 4.0.10,
and 5.x before 5.0 RC2

Solution:
Update to version 3.2.12 or 4.0.10 or
5.0 RC2 or later. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-11219
BugTraq ID: 104552
http://www.securityfocus.com/bid/104552
Debian Security Information: DSA-4230
https://www.debian.org/security/2018/dsa-4230
https://security.gentoo.org/glsa/201908-04
http://antirez.com/news/119
https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3
https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
https://github.com/antirez/redis/issues/5017
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
RedHat Security Advisories: RHSA-2019:0052
https://access.redhat.com/errata/RHSA-2019:0052
RedHat Security Advisories: RHSA-2019:0094
https://access.redhat.com/errata/RHSA-2019:0094
RedHat Security Advisories: RHSA-2019:1860
https://access.redhat.com/errata/RHSA-2019:1860
Common Vulnerability Exposure (CVE) ID: CVE-2018-11218
BugTraq ID: 104553
http://www.securityfocus.com/bid/104553
https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3
https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0
Copyright: Copyright (C) 2018 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.