A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | redis | < 3:3.2.4-1 | redis_3:3.2.4-1_all.deb |
Debian | 11 | all | redis | < 3:3.2.4-1 | redis_3:3.2.4-1_all.deb |
Debian | 10 | all | redis | < 3:3.2.4-1 | redis_3:3.2.4-1_all.deb |
Debian | 999 | all | redis | < 3:3.2.4-1 | redis_3:3.2.4-1_all.deb |
Debian | 13 | all | redis | < 3:3.2.4-1 | redis_3:3.2.4-1_all.deb |