Bug 1723918 (CVE-2019-10192) - CVE-2019-10192 redis: Heap buffer overflow in HyperLogLog triggered by malicious client
Summary: CVE-2019-10192 redis: Heap buffer overflow in HyperLogLog triggered by malici...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-10192
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1727720 1728925 1728927 1727710 1727711 1727712 1727713 1727714 1728468 1728469 1728918 1728924 1728926 1728928 1728929
Blocks: 1719403
Reported: 2019-06-25 18:08 UTC by Pedro Sampaio
Modified: 2019-09-29 15:15 UTC
CC: 35 users

Fixed In Version: Redis 3.2.13, Redis 4.0.14, Redis 5.0.4
Doc Type: If docs needed, set a value
Doc Text:
A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog with the SETRANGE command, an attacker could trick Redis' interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
Clone Of:
Environment:
Last Closed: 2019-07-22 15:07:14 UTC


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1819 None None None 2019-07-22 13:34:25 UTC
Red Hat Product Errata RHSA-2019:1860 None None None 2019-07-25 16:08:22 UTC
Red Hat Product Errata RHSA-2019:2002 None None None 2019-08-07 10:52:22 UTC
Red Hat Product Errata RHSA-2019:2506 None None None 2019-08-15 14:06:55 UTC
Red Hat Product Errata RHSA-2019:2508 None None None 2019-08-15 14:08:55 UTC
Red Hat Product Errata RHSA-2019:2621 None None None 2019-09-03 15:34:22 UTC
Red Hat Product Errata RHSA-2019:2628 None None None 2019-09-03 16:53:24 UTC
Red Hat Product Errata RHSA-2019:2630 None None None 2019-09-03 16:35:15 UTC

Description Pedro Sampaio 2019-06-25 18:08:35 UTC
Heap buffer overflow with corrupted hyperloglog data structure. By carefully corrupting a hyperloglog structure in redis using the SETRANGE command, an attacker could trick redis' interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Upstream patches: 
https://github.com/antirez/redis/commit/e216ceaf0e099536fe3658a29dcb725d812364e0
https://github.com/antirez/redis/commit/9f13b2bd4967334b1701c6eccdf53760cb13f79e
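
The description above attributes the overflow to SETRANGE rewriting a stored HyperLogLog so that Redis misreads its encoding. As an added example that is not part of this bug report or of the Redis source, the following Python models the HLL byte layout (a 16-byte header starting with "HYLL" and an encoding byte, followed by either 12288 bytes of packed six-bit registers for the dense encoding or a stream of ZERO/XZERO/VAL opcodes for the sparse encoding) and rejects images whose header and body disagree: a dense encoding byte on a string that is not exactly 12304 bytes, or sparse runs that do not add up to exactly 16384 registers. The exact-coverage rule for sparse objects, the setrange() helper and the constructed corruption cases are this example's own assumptions; the block does not reproduce the upstream patches.

```python
"""Structural validator for Redis HyperLogLog byte images.

Added example (not Redis code): models the HLL layout documented in
src/hyperloglog.c and shows how SETRANGE-style edits of a key's bytes
produce objects that no longer describe exactly 16384 registers.  The
checks are this example's own, not the upstream fix for this CVE.
"""

HLL_REGISTERS = 1 << 14                      # 16384 six-bit registers
HLL_BITS = 6
HLL_HDR_SIZE = 16                            # "HYLL" + encoding + 3 unused + 8-byte card cache
HLL_DENSE_SIZE = HLL_HDR_SIZE + (HLL_REGISTERS * HLL_BITS + 7) // 8   # 12304
HLL_DENSE, HLL_SPARSE = 0, 1


def sparse_registers_covered(payload):
    """Walk sparse opcodes and return how many registers they describe.

    Opcodes: ZERO 00xxxxxx (xxxxxx+1 zero regs), XZERO 01xxxxxx yyyyyyyy
    (14-bit run + 1 zero regs), VAL 1vvvvvxx (value vvvvv+1, xx+1 regs).
    Raises ValueError on a truncated opcode or a run past register 16383.
    """
    idx = i = 0
    while i < len(payload):
        op = payload[i]
        if op & 0xC0 == 0x00:                            # ZERO
            runlen, i = (op & 0x3F) + 1, i + 1
        elif op & 0xC0 == 0x40:                          # XZERO
            if i + 1 >= len(payload):
                raise ValueError("truncated XZERO opcode at byte %d" % i)
            runlen, i = (((op & 0x3F) << 8) | payload[i + 1]) + 1, i + 2
        else:                                            # VAL
            runlen, i = (op & 0x03) + 1, i + 1
        if idx + runlen > HLL_REGISTERS:
            raise ValueError("run of %d at register %d overflows register space" % (runlen, idx))
        idx += runlen
    return idx


def validate_hll(blob):
    """Return (encoding_name, registers_covered) or raise ValueError."""
    if len(blob) < HLL_HDR_SIZE or blob[:4] != b"HYLL":
        raise ValueError("missing or bad HYLL header")
    enc = blob[4]
    if enc == HLL_DENSE:
        # A dense object is exactly header + 12288 register bytes; with any
        # other length, register index arithmetic lands outside the buffer.
        if len(blob) != HLL_DENSE_SIZE:
            raise ValueError("dense HLL must be %d bytes, got %d" % (HLL_DENSE_SIZE, len(blob)))
        return "dense", HLL_REGISTERS
    if enc == HLL_SPARSE:
        covered = sparse_registers_covered(blob[HLL_HDR_SIZE:])
        if covered != HLL_REGISTERS:           # this example's rule: sparse must cover all registers
            raise ValueError("sparse opcodes cover %d of %d registers" % (covered, HLL_REGISTERS))
        return "sparse", covered
    raise ValueError("unknown encoding byte %d" % enc)


def empty_sparse_hll():
    """Byte image of an empty sparse HLL: header plus one XZERO run of 16384 (18 bytes)."""
    run = HLL_REGISTERS - 1                              # XZERO stores len-1
    return b"HYLL" + bytes([HLL_SPARSE]) + b"\x00" * 11 + bytes([0x40 | (run >> 8), run & 0xFF])


def empty_dense_hll():
    """Byte image of an empty dense HLL: header plus 12288 zero register bytes."""
    return b"HYLL" + bytes([HLL_DENSE]) + b"\x00" * (HLL_DENSE_SIZE - 5)


def setrange(blob, offset, data):
    """Apply SETRANGE semantics to a byte string: zero-pad up to the write, then overwrite."""
    buf = bytearray(blob)
    end = offset + len(data)
    if end > len(buf):
        buf.extend(b"\x00" * (end - len(buf)))
    buf[offset:end] = data
    return bytes(buf)


def classify(blob):
    """'ok:<encoding>' for a structurally sound HLL, 'reject:<reason>' otherwise."""
    try:
        return "ok:" + validate_hll(blob)[0]
    except ValueError as exc:
        return "reject:" + str(exc)


if __name__ == "__main__":
    good = empty_sparse_hll()
    # Constructed corruptions, each a single SETRANGE on the stored bytes.
    cases = {
        "pristine sparse": good,
        "encoding byte flipped to dense": setrange(good, 4, bytes([HLL_DENSE])),
        "extra XZERO run appended": setrange(good, len(good), b"\x7f\xff"),
        "run shortened to 16128 regs": setrange(good, HLL_HDR_SIZE, b"\x7e\xff"),
        "dense object grown by one byte": setrange(empty_dense_hll(), HLL_DENSE_SIZE, b"\x00"),
    }
    for name, blob in cases.items():
        print("%-32s -> %s" % (name, classify(blob)))
```

Feed validate_hll() the raw bytes a client library returns from GET on a suspect key. Scanning stored keys only finds corruption that has already happened; the remedy for the overflow itself is the upgrade to the versions listed under Fixed In Version.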

Comment 6 Summer Long 2019-07-07 23:51:20 UTC
Heap buffer overflow with corrupted hyperloglog data structure. By carefully corrupting a hyperloglog structure in redis using the SETRANGE command, an attacker could trick redis' interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

Upstream patches: 
https://github.com/antirez/redis/commit/e216ceaf0e099536fe3658a29dcb725d812364e0
https://github.com/antirez/redis/commit/9f13b2bd4967334b1701c6eccdf53760cb13f79e

Comment 9 Summer Long 2019-07-08 04:25:51 UTC
Created redis tracking bugs for this issue:

Affects: openstack-rdo [bug 1727720]

Comment 10 Summer Long 2019-07-10 00:20:58 UTC
Upstream timeline: https://github.com/antirez/redis/issues/6215

Comment 17 Hardik Vyas 2019-07-11 13:41:37 UTC
Statement:

* This issue did not affect the version of grafana (embeds redis) as shipped with Red Hat Gluster Storage 3 and Red Hat Ceph Storage 3, as it only ships the client-side part of the redis implementation.
* This issue did not affect the version of heketi (embeds redis) as shipped with Red Hat Gluster Storage 3, as it only ships the client-side part of the redis implementation.

Comment 18 errata-xmlrpc 2019-07-22 13:34:23 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:1819

Comment 19 Product Security DevOps Team 2019-07-22 15:07:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10192

Comment 20 errata-xmlrpc 2019-07-25 16:08:21 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:1860

Comment 21 errata-xmlrpc 2019-08-07 10:52:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2002 https://access.redhat.com/errata/RHSA-2019:2002

Comment 22 errata-xmlrpc 2019-08-15 14:06:53 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 Operational Tools for RHEL 7

Via RHSA-2019:2506 https://access.redhat.com/errata/RHSA-2019:2506

Comment 23 errata-xmlrpc 2019-08-15 14:08:53 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2019:2508 https://access.redhat.com/errata/RHSA-2019:2508

Comment 25 errata-xmlrpc 2019-09-03 15:34:20 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 14.0 (Rocky)

Via RHSA-2019:2621 https://access.redhat.com/errata/RHSA-2019:2621

Comment 26 errata-xmlrpc 2019-09-03 16:35:14 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 10.0 (Newton)

Via RHSA-2019:2630 https://access.redhat.com/errata/RHSA-2019:2630

Comment 27 errata-xmlrpc 2019-09-03 16:53:22 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)

Via RHSA-2019:2628 https://access.redhat.com/errata/RHSA-2019:2628

