CVE-2016-8339

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
talosCNA
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
redislabsredis
3.2.0
redislabsredis
3.2.1
redislabsredis
3.2.2
redislabsredis
3.2.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
redis
bullseye
5:6.0.16-1+deb11u2
fixed
jessie
not-affected
wheezy
not-affected
bullseye (security)
5:6.0.16-1+deb11u3
fixed
bookworm
5:7.0.15-1~deb12u1
fixed
bookworm (security)
5:7.0.15-1~deb12u1
fixed
sid
5:7.0.15-2
fixed
trixie
5:7.0.15-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
redis
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
not-affected
trusty
not-affected
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93283
http://www.talosintelligence.com/reports/TALOS-2016-0206/
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
https://security.gentoo.org/glsa/201702-16
http://www.securityfocus.com/bid/93283
http://www.talosintelligence.com/reports/TALOS-2016-0206/
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
https://security.gentoo.org/glsa/201702-16