CVE-2019-10192 vulnerability in Red Hat and Other Products
Published on July 11, 2019
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
Vendor Advisory
NVD
Weakness Type
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Products Associated with CVE-2019-10192
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10192 are published in these products:
Affected Versions
Redis Labs redis:- Version 3.x before 3.2.13 is affected.
- Version 4.x before 4.0.14 is affected.
- Version 5.x before 5.0.4 is affected.
Exploit Probability
EPSS
21.64%
Percentile
95.61%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.