Stack buffer overflow due to failure to validate register values in hllDenseRegHisto(). By corrupting a HyperLogLog structure in Redis using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
External References:
https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
Created redis tracking bugs for this issue: Affects: openstack-rdo [bug 1727721]
Upstream commit: https://github.com/antirez/redis/commit/a4b90be9fcd5e1668ac941cabce3b1ab38dbe326
Upstream timeline: https://github.com/antirez/redis/issues/6215
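The missing validation the description refers to, as an added example that is not Redis's own code: a bounds-checked version of the dense-register histogram that hllDenseRegHisto() builds. The HyperLogLog layout constants (HLL_P=14, 6-bit registers, a histogram of HLL_Q+2 entries) and every function name here are assumptions made for the example, not values taken from this page.

```c
#include <stdint.h>
#include <string.h>
/* HyperLogLog layout constants assumed to match Redis (not stated in the advisory). */
#define HLL_P 14
#define HLL_Q (64 - HLL_P)                      /* 50: a valid register holds at most HLL_Q+1 */
#define HLL_BITS 6                              /* dense registers are 6-bit fields */
#define HLL_REGISTER_MAX ((1 << HLL_BITS) - 1)  /* 63: what a corrupted register can hold */
#define HLL_REGHISTO_LEN (HLL_Q + 2)            /* 52 histogram buckets for values 0..HLL_Q+1 */

/* Read/write 6-bit register `regnum` in a dense array (LSB-first packing, one spare trailing byte). */
unsigned dense_get(const uint8_t *regs, unsigned regnum) {
    unsigned byte = regnum * HLL_BITS / 8, fb = regnum * HLL_BITS % 8;
    return ((regs[byte] >> fb) | ((unsigned)regs[byte + 1] << (8 - fb))) & HLL_REGISTER_MAX;
}
void dense_set(uint8_t *regs, unsigned regnum, unsigned val) {
    unsigned byte = regnum * HLL_BITS / 8, fb = regnum * HLL_BITS % 8;
    regs[byte] = (regs[byte] & ~(HLL_REGISTER_MAX << fb)) | (val << fb);
    regs[byte + 1] = (regs[byte + 1] & ~(HLL_REGISTER_MAX >> (8 - fb))) | (val >> (8 - fb));
}

/* Buckets past the end of a HLL_Q+2 histogram a register value reaches: 0 if valid, 12 for 63. */
int hll_overflow_buckets(unsigned reg) {
    return reg < HLL_REGHISTO_LEN ? 0 : (int)(reg - HLL_REGHISTO_LEN + 1);
}

/* Bounds-checked register histogram: 0 on success, -1 on the first register whose
 * value would index past reghisto[] (the increment the unpatched code performed). */
int hll_dense_reg_histo_checked(const uint8_t *regs, unsigned nregs, int *reghisto, unsigned histo_len) {
    memset(reghisto, 0, histo_len * sizeof(int));
    for (unsigned i = 0; i < nregs; i++) {
        unsigned r = dense_get(regs, i);
        if (r >= histo_len) return -1;
        reghisto[r]++;
    }
    return 0;
}

/* Constructed sample (not a real key): 16 valid registers, then one register
 * overwritten with the 6-bit maximum, as an arbitrary SETRANGE write could do. */
int demo_corrupted_register(void) {
    enum { NREGS = 16 };
    uint8_t regs[(NREGS * HLL_BITS + 7) / 8 + 1] = {0};
    int histo[HLL_REGHISTO_LEN];
    for (unsigned i = 0; i < NREGS; i++) dense_set(regs, i, i);  /* values 0..15, all valid */
    if (hll_dense_reg_histo_checked(regs, NREGS, histo, HLL_REGHISTO_LEN) != 0) return 1;
    dense_set(regs, 5, HLL_REGISTER_MAX);  /* register 5 now reads 63 > HLL_Q+1 */
    return hll_dense_reg_histo_checked(regs, NREGS, histo, HLL_REGHISTO_LEN);  /* -1 */
}
```

With a register forced to the 6-bit maximum, the unchecked index lands 12 entries past a 52-entry histogram; the checked version rejects the structure instead of incrementing past it.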
This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Via RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:1819
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-10193
Statement: The following product versions are not affected because they do not ship the vulnerable code:
* Red Hat OpenStack Platform, all versions
* Red Hat Ceph Storage 3, which only ships the client-side part of Redis in its packaged Grafana.
* Red Hat Gluster Storage 3, which only ships the client-side part of Redis in its packaged Grafana and Heketi.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:2002 https://access.redhat.com/errata/RHSA-2019:2002