Bug 1499152 (CVE-2017-15047) - CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function
Summary: CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig ...
Alias: CVE-2017-15047
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1499153 1499154
Blocks: 1499157
TreeView+ depends on / blocked
Reported: 2017-10-06 09:28 UTC by Andrej Nemec
Modified: 2019-09-29 14:23 UTC (History)
32 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-06-08 03:26:40 UTC

Attachments (Terms of Use)

Description Andrej Nemec 2017-10-06 09:28:25 UTC
The clusterLoadConfig function in cluster.c in Redis allows local attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

Upstream issue:


Comment 1 Andrej Nemec 2017-10-06 09:29:36 UTC
Created redis tracking bugs for this issue:

Affects: epel-all [bug 1499153]
Affects: fedora-all [bug 1499154]

Comment 2 Nathan Scott 2017-10-11 05:24:21 UTC
FWIW, I don't believe this issue is exploitable for default Redis configurations with any Red Hat product or Fedora packages  (probably the Severity and Priority of this BZ should be lowered).

I've added a note and github pull request fixing the underlying bug, upstream:


Comment 3 Joshua Padman 2017-10-12 22:51:40 UTC
Changed impact to low as this requires access to modify redis owned files, with that access there would be better way to exploit the system/service. 
Changed CVSS score based on impact to availability, low is still generous as with redis user access you could just kill the process anyway.

Permissions are validated for all current OpenStack packages.

Comment 4 Jason Shepherd 2017-11-17 00:07:51 UTC
There is no local user access for Redis deployed to RHAMP On-premise. Redis runs in a dedicated container pod with no other shared users. Marking as not affected.

Note You need to log in before you can comment on or make changes to this bug.