Vulnerability Name: CVE-2019-10192 (CCN-163669)
Assigned: 2019-06-19
Published: 2019-06-19
Updated: 2021-10-28

Summary: A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.

CVSS v3 Severity:

7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): High; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

7.2 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.3 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
  Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): High; User Interaction (UI): None
  Scope: Scope (S): Unchanged
  Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): Single_Instance
  Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
  Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

Vulnerability Type: CWE-787, CWE-122
Vulnerability Consequences: Gain Access

References:

  Source: MITRE; Type: CNA; CVE-2019-10192
  Source: BID; Type: Third Party Advisory, VDB Entry; 109290
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:1819
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:1860
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:2002
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:2506
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:2508
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:2621
  Source: REDHAT; Type: Third Party Advisory; RHSA-2019:2630
  Source: CONFIRM; Type: Issue Tracking, Third Party Advisory; https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192
  Source: XF; Type: UNKNOWN; debian-cve201910192-bo(163669)
  Source: CCN; Type: Debian Web site; Redis Package
  Source: MISC; Type: Release Notes, Vendor Advisory; https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
  Source: MISC; Type: Release Notes, Vendor Advisory; https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
  Source: MISC; Type: Release Notes, Vendor Advisory; https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
  Source: BUGTRAQ; Type: Mailing List, Third Party Advisory; 20190712 [SECURITY] [DSA 4480-1] redis security update
  Source: CCN; Type: BugTraq Mailing List, Thu, 11 Jul 2019 20:59:49 +0000; redis security update
  Source: GENTOO; Type: Third Party Advisory; GLSA-201908-04
  Source: UBUNTU; Type: Third Party Advisory; USN-4061-1
  Source: DEBIAN; Type: Third Party Advisory; DSA-4480
  Source: MISC; Type: Patch, Third Party Advisory; https://www.oracle.com/security-alerts/cpujul2020.html

Vulnerable Configuration:

Configuration 1:
  cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version >= 4.0.0 and < 4.0.14)
  OR cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version >= 3.0.0 and < 3.2.13)
  OR cpe:/a:redislabs:redis:*:*:*:*:*:*:*:* (Version >= 5.0 and < 5.0.4)

Configuration 2:
  cpe:/a:redhat:openstack:9:*:*:*:*:*:*:*
  OR cpe:/a:redhat:openstack:10:*:*:*:*:*:*:*
  OR cpe:/a:redhat:openstack:13:*:*:*:*:*:*:*
  OR cpe:/a:redhat:openstack:14:*:*:*:*:*:*:*
  OR cpe:/a:redhat:software_collections:1.0:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
  OR cpe:/o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

Configuration 3:
  cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4:
  cpe:/o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  OR cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  OR cpe:/o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

Configuration 5:
  cpe:/a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  OR cpe:/a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*

Configuration RedHat 1:
  cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

redislabs redis *
redislabs redis *
redislabs redis *
redhat openstack 9
redhat openstack 10
redhat openstack 13
redhat openstack 14
redhat software collections 1.0
redhat enterprise linux 8.0
redhat enterprise linux eus 8.1
redhat enterprise linux eus 8.2
redhat enterprise linux eus 8.4
redhat enterprise linux server aus 8.2
redhat enterprise linux server aus 8.4
redhat enterprise linux server tus 8.2
redhat enterprise linux server tus 8.4
debian debian linux 9.0
debian debian linux 10.0
canonical ubuntu linux 19.04
canonical ubuntu linux 18.04
canonical ubuntu linux 16.04
oracle communications operations monitor 3.4
oracle communications operations monitor 4.1