CVE-2019-10192 in Hyperloglog Data Structureinformation

Résumé

par MITRE

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Red Hat, Inc.

Réserver

27/03/2019

Modérer

accepté

Entrée

VDB-137752

CPE

prêt

CWE

CWE-119 (confirmé)

CVSS

7.2 (NVD)

EPSS

0.22307

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-10192
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-10192
CVE Details	https://www.cvedetails.com/cve/CVE-2019-10192/

◂ Précédent Aperçu Suivant ▸

Do you know our Splunk app?

Download it now for free!