cve-2016-8339
Vulnerability from cvelistv5
Published
2016-10-28 14:00
Modified
2024-08-06 02:20
Severity ?
6.6 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
References
talos-cna@cisco.comhttp://www.securityfocus.com/bid/93283Third Party Advisory, VDB Entry
talos-cna@cisco.comhttp://www.talosintelligence.com/reports/TALOS-2016-0206/Exploit, Third Party Advisory
talos-cna@cisco.comhttps://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977Patch, Third Party Advisory
talos-cna@cisco.comhttps://security.gentoo.org/glsa/201702-16Third Party Advisory
Impacted products
RedisRedis
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:20:30.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93283",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93283"
          },
          {
            "name": "GLSA-201702-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.talosintelligence.com/reports/TALOS-2016-0206/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Redis",
          "vendor": "Redis",
          "versions": [
            {
              "status": "affected",
              "version": "3.2.x prior to 3.2.4"
            }
          ]
        }
      ],
      "datePublic": "2016-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T19:16:25",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "93283",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93283"
        },
        {
          "name": "GLSA-201702-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.talosintelligence.com/reports/TALOS-2016-0206/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2016-8339",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Redis",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.2.x prior to 3.2.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Redis"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.6,
            "baseSeverity": "Medium",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93283",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93283"
            },
            {
              "name": "GLSA-201702-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-16"
            },
            {
              "name": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
              "refsource": "MISC",
              "url": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977"
            },
            {
              "name": "http://www.talosintelligence.com/reports/TALOS-2016-0206/",
              "refsource": "MISC",
              "url": "http://www.talosintelligence.com/reports/TALOS-2016-0206/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2016-8339",
    "datePublished": "2016-10-28T14:00:00",
    "dateReserved": "2016-09-28T00:00:00",
    "dateUpdated": "2024-08-06T02:20:30.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8339\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2016-10-28T14:59:01.603\",\"lastModified\":\"2023-01-30T19:50:41.207\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en Redis 3.2.x antes de 3.2.4 provoca ejecuci\u00f3n de c\u00f3digo arbitrario cuando un comando manipulado es enviado. Una vulnerabilidad de escritura fuera de l\u00edmites existe en el manejo de la opci\u00f3n client-output-buffer-limit durante el comando CONFIG SET para la estructura de almac\u00e9n de datos Redis. Un comando CONFIG SET manipulado puede llevar a una escritura fuera de l\u00edmites resultando potencialmente en ejecuci\u00f3n de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54063636-8CE2-408B-BF17-6E68977D4028\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F4E0B88-C020-47C0-9420-E508B9D196B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC52A6CD-A02A-4153-A353-8BA8AD36EDD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"227C8FB9-639D-46BD-9484-24F40B3339C1\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93283\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.talosintelligence.com/reports/TALOS-2016-0206/\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-16\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.