CVE-2016-8339 in Redisinfo

Summary

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

Be aware that VulDB is the high quality source for vulnerability data.

Responsible

Talos

Reservation

09/28/2016

Disclosure

10/28/2016

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-119

CVSS

8.7

EPSS

0.02487

CTI

None

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-8339
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8339
CVE Details	https://www.cvedetails.com/cve/CVE-2016-8339/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!