redis: Heap buffer overflow in HyperLogLog triggered by malicious client

🗓️ 07 Aug 2019 10:53:11Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Redis HyperLogLog overflow via SETRANGE; malicious client writes up to three bytes past heap buffer.

Reporter	Title	Published	Views	Family All 112
ALT Linux	Security fix for the ALT Linux 8 package redis version 3.0.7-alt2	27 Nov 201900:00	–	altlinux
AlpineLinux	CVE-2019-10192	11 Jul 201918:30	–	alpinelinux
BDU FSTEC	The vulnerability of the HyperLogLog algorithm in a resident database management system for NoSQL Redis lies in the fact that the output of the operation may exceed the buffer limits in memory. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.	16 Oct 201900:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the HyperLogLog algorithm in the resident database management system for NoSQL Redis allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.	16 Oct 201900:00	–	bdu_fstec
Check Point Advisories	Redis Buffer Overflow (CVE-2019-10192; CVE-2019-10193)	5 Feb 202000:00	–	checkpoint_advisories
CVE	CVE-2019-10192	11 Jul 201918:30	–	cve
Cvelist	CVE-2019-10192	11 Jul 201918:30	–	cvelist
Debian	[SECURITY] [DLA 1850-1] redis security update	10 Jul 201913:45	–	debian
Debian	[SECURITY] [DSA 4480-1] redis security update	11 Jul 201920:59	–	debian
Debian CVE	CVE-2019-10192	11 Jul 201918:30	–	debiancve

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	8	aarch64	redis	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	redis	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	redis	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	redis	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.x86_64.rpm
Red Hat Enterprise Linux	8	aarch64	redis-debuginfo	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-debuginfo-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	redis-debuginfo	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-debuginfo-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.ppc64le.rpm
Red Hat Enterprise Linux	8	s390x	redis-debuginfo	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-debuginfo-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.s390x.rpm
Red Hat Enterprise Linux	8	x86_64	redis-debuginfo	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-debuginfo-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.x86_64.rpm
Red Hat Enterprise Linux	8	aarch64	redis-debugsource	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-debugsource-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.aarch64.rpm
Red Hat Enterprise Linux	8	ppc64le	redis-debugsource	0:5.0.3-2.module+el8.0.0.z+3657+acb471dc	redis-debugsource-0:5.0.3-2.module+el8.0.0.z+3657+acb471dc.ppc64le.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2019-10192
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-10192
raw	www.raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
raw	www.raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
raw	www.raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
cve	www.cve.org/CVERecord

21 Nov 2025 18:09Current

5.9Medium risk

Vulners AI Score5.9

CVSS 26.5

CVSS 3.17.2

CVSS 37.2

EPSS0.22307

Redis HyperLogLog heap overflow malicious client SETRANGE command dense encoding