Bug 1727668 (CVE-2019-10193) - CVE-2019-10193 redis: Stack buffer overflow in HyperLogLog triggered by malicious client
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-10193
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1727721 1728471 1727715 1727716 1727717 1727718 1727719 1728470 1728916 1728917
Blocks: 1727663
 
Reported: 2019-07-08 00:12 UTC by Summer Long
Modified: 2019-09-29 15:15 UTC (History)

Fixed In Version: Redis 3.2.13, Redis 4.0.14, Redis 5.0.4
Doc Type: ---
Doc Text:
A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. Redis stores a HyperLogLog as an ordinary string value, so a client with write access to the key can use the SETRANGE command to overwrite its raw register bytes. By corrupting a HyperLogLog this way, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
Clone Of:
Environment:
Last Closed: 2019-07-22 15:07:23 UTC

Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:1819 None None None 2019-07-22 13:34:25 UTC
Red Hat Product Errata RHSA-2019:2002 None None None 2019-08-07 10:52:22 UTC

Description Summer Long 2019-07-08 00:12:57 UTC
Stack buffer overflow due to failure to validate register values in hllDenseRegHisto(). By corrupting a hyperloglog structure in Redis using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.

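The mechanism in the description, modelled as an added example (this is not Redis code and not part of the bug report): a cut-down dense HyperLogLog register array with the Redis default layout (P=14, 6-bit registers, 16384 registers in 12288 bytes), a model of SETRANGE writing raw bytes over it, and the register histogram that hllCount() builds from those registers. The pre-fix histogram size of HLL_Q+2 = 52 ints, which leaves values 52..63 pointing up to 12 entries past the end, is this example's inference from the "up to 12" figure above, not something the page states; the hardened version sizes the histogram for all 64 values a 6-bit register can encode and additionally counts registers above the legitimate maximum HLL_Q+1 so a caller can treat the key as corrupted. The 16-byte HLL header is omitted and all inputs are constructed in the code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Redis dense-HLL layout constants (P=14, 6-bit registers). */
#define HLL_P            14
#define HLL_Q            (64 - HLL_P)                 /* 50; a valid register is at most HLL_Q+1 */
#define HLL_REGISTERS    (1 << HLL_P)                 /* 16384 */
#define HLL_BITS         6
#define HLL_REGISTER_MAX ((1 << HLL_BITS) - 1)        /* 63: largest value 6 bits can encode */
#define HLL_DENSE_BYTES  ((HLL_REGISTERS * HLL_BITS + 7) / 8)  /* 12288 */

/* Hardened histogram: sized for every value a 6-bit register can hold.
 * Assumed pre-fix shape: int reghisto[HLL_Q + 2] (52 entries) indexed by the
 * raw register value, so values 52..63 write up to 12 entries past the end. */
#define REGHISTO_LEN (HLL_REGISTER_MAX + 1)

/* Read 6-bit register idx from the packed array (bit 0 of a register is the
 * lowest unused bit of its first byte, as in Redis's dense encoding). */
static unsigned dense_get(const uint8_t *regs, unsigned idx) {
    unsigned bit = idx * HLL_BITS, byte = bit / 8, fb = bit % 8;
    unsigned b0 = regs[byte];
    unsigned b1 = (byte + 1 < HLL_DENSE_BYTES) ? regs[byte + 1] : 0;
    return ((b0 >> fb) | (b1 << (8 - fb))) & HLL_REGISTER_MAX;
}

/* Write 6-bit register idx, touching only the bits that belong to it. */
static void dense_set(uint8_t *regs, unsigned idx, unsigned val) {
    unsigned bit = idx * HLL_BITS, byte = bit / 8, fb = bit % 8;
    val &= HLL_REGISTER_MAX;
    regs[byte] = (uint8_t)((regs[byte] & ~(HLL_REGISTER_MAX << fb)) | (val << fb));
    if (byte + 1 < HLL_DENSE_BYTES)
        regs[byte + 1] = (uint8_t)((regs[byte + 1] & ~(HLL_REGISTER_MAX >> (8 - fb)))
                                   | (val >> (8 - fb)));
}

/* Build the register histogram. Returns the number of registers whose value
 * exceeds HLL_Q+1: a well-formed HLL never produces such values, and they are
 * exactly the ones a 52-entry histogram could not index safely. */
static unsigned dense_reg_histo(const uint8_t *regs, int reghisto[REGHISTO_LEN]) {
    unsigned bad = 0;
    memset(reghisto, 0, REGHISTO_LEN * sizeof(int));
    for (unsigned i = 0; i < HLL_REGISTERS; i++) {
        unsigned r = dense_get(regs, i);   /* 0..63 by construction */
        reghisto[r]++;                     /* index can never reach 64 */
        if (r > HLL_Q + 1) bad++;
    }
    return bad;
}

/* Model of SETRANGE applied to the register area: Redis stores an HLL as a
 * plain string, so a client with write access can overwrite raw register bits. */
static void setrange_registers(uint8_t *regs, unsigned offset, unsigned len, uint8_t fill) {
    if (offset >= HLL_DENSE_BYTES) return;
    if (len > HLL_DENSE_BYTES - offset) len = HLL_DENSE_BYTES - offset;
    memset(regs + offset, fill, len);
}

/* Constructed input: a well-formed HLL with every register = 5, then nbytes
 * of 0xFF written at offset, as a malicious SETRANGE would. */
static void build_corrupted(uint8_t regs[HLL_DENSE_BYTES], unsigned offset, unsigned nbytes) {
    memset(regs, 0, HLL_DENSE_BYTES);
    for (unsigned i = 0; i < HLL_REGISTERS; i++) dense_set(regs, i, 5);
    setrange_registers(regs, offset, nbytes, 0xFF);
}

/* How many registers hold a value > HLL_Q+1 after the corruption. */
unsigned corrupted_register_count(unsigned offset, unsigned nbytes) {
    static uint8_t regs[HLL_DENSE_BYTES];
    int reghisto[REGHISTO_LEN];
    build_corrupted(regs, offset, nbytes);
    return dense_reg_histo(regs, reghisto);
}

/* Histogram bucket for a given register value after the corruption; -1 if
 * the value is not one a 6-bit register can hold. */
int histogram_entry(unsigned offset, unsigned nbytes, unsigned value) {
    static uint8_t regs[HLL_DENSE_BYTES];
    int reghisto[REGHISTO_LEN];
    build_corrupted(regs, offset, nbytes);
    dense_reg_histo(regs, reghisto);
    return value < REGHISTO_LEN ? reghisto[value] : -1;
}

int main(void) {
    /* Three 0xFF bytes at offset 0 set registers 0..3 to 63. */
    printf("registers above HLL_Q+1 after SETRANGE 0 <3 x 0xFF>: %u\n",
           corrupted_register_count(0, 3));
    printf("histogram[63] = %d, histogram[5] = %d\n",
           histogram_entry(0, 3, 63), histogram_entry(0, 3, 5));
    return 0;
}
```

Three bytes of 0xFF land exactly on four 6-bit registers, so the histogram gains four entries at index 63; with a 52-entry histogram that index is 12 ints past the end, which is where the "controlled increments" come from. A single byte at an unaligned offset corrupts only the registers it overlaps, which is why the count for a one-byte write is smaller than for an aligned one.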
Comment 5 Summer Long 2019-07-08 04:26:34 UTC
Created redis tracking bugs for this issue:

Affects: openstack-rdo [bug 1727721]

Comment 7 Summer Long 2019-07-10 00:20:33 UTC
Upstream timeline: https://github.com/antirez/redis/issues/6215

Comment 12 errata-xmlrpc 2019-07-22 13:34:24 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS

Via RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:1819

Comment 13 Product Security DevOps Team 2019-07-22 15:07:23 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-10193

Comment 16 Hardik Vyas 2019-08-07 05:54:01 UTC
Statement:

The following product versions are not affected because they do not ship the vulnerable code:
* Red Hat OpenStack Platform, all versions
* Red Hat Ceph Storage 3, which only ships the client-side part of Redis in its packaged Grafana.
* Red Hat Gluster Storage 3, which only ships the client-side part of Redis in its packaged Grafana and Heketi.

Comment 17 errata-xmlrpc 2019-08-07 10:52:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:2002 https://access.redhat.com/errata/RHSA-2019:2002
