CVE-2019-10192 - A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x

CVE-2019-10192

Summary

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

References

Vulnerable Configurations

cpe:2.3:a:redislabs:redis:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2:rc1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.11:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.11:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:-:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc4:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc4:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc5:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc5:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc6:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0:rc6:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redislabs:redis:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 28-10-2021 - 12:14)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2019:1819
rhsa
id RHSA-2019:1860
rhsa
id RHSA-2019:2002
rhsa
id RHSA-2019:2506
rhsa
id RHSA-2019:2508
rhsa
id RHSA-2019:2621
rhsa
id RHSA-2019:2630

rpms

rh-redis5-redis-0:5.0.5-1.el7
rh-redis5-redis-debuginfo-0:5.0.5-1.el7
rh-redis32-redis-0:3.2.13-1.el6
rh-redis32-redis-0:3.2.13-1.el7
rh-redis32-redis-debuginfo-0:3.2.13-1.el6
rh-redis32-redis-debuginfo-0:3.2.13-1.el7
redis-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
redis-debuginfo-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
redis-debugsource-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
redis-devel-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
redis-doc-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc
redis-0:3.0.6-5.el7ost
redis-debuginfo-0:3.0.6-5.el7ost
redis-0:3.0.6-5.el7ost
redis-debuginfo-0:3.0.6-5.el7ost
redis-0:3.2.8-4.el7ost
redis-debuginfo-0:3.2.8-4.el7ost
redis-0:3.2.8-4.el7ost
redis-debuginfo-0:3.2.8-4.el7ost
redis-0:3.0.6-5.el7ost
redis-debuginfo-0:3.0.6-5.el7ost

refmap via4

bid	109290
bugtraq	20190712 [SECURITY] [DSA 4480-1] redis security update
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192
debian	DSA-4480
gentoo	GLSA-201908-04
misc	https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES https://www.oracle.com/security-alerts/cpujul2020.html
ubuntu	USN-4061-1

Last major update

28-10-2021 - 12:14

Published

11-07-2019 - 19:15

Last modified

28-10-2021 - 12:14