Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Related bugs and status

CVE-2019-10192 (Candidate) is related to these bugs:

Bug #1836496: CVE-2019-10192 CVE-2019-10193

Summary				In	Importance	Status
	1836496	CVE-2019-10192 CVE-2019-10193		redis (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugzilla.redha...
MISC: https://raw.githubuser...
MISC: https://raw.githubuser...
MISC: https://raw.githubuser...
BUGTRAQ: 20190712 [SECURITY] [D...
DEBIAN: DSA-4480
UBUNTU: USN-4061-1
BID: 109290
REDHAT: RHSA-2019:1819
REDHAT: RHSA-2019:1860
REDHAT: RHSA-2019:2002
GENTOO: GLSA-201908-04
REDHAT: RHSA-2019:2506
REDHAT: RHSA-2019:2508
REDHAT: RHSA-2019:2621
REDHAT: RHSA-2019:2630
MISC: https://www.oracle.com...