140 matches found
The vulnerability of the Redis database management system server allows a hacker to execute arbitrary code.
The vulnerability of the Redis database management system is related to a numerical overflow in the buffer when executing commands that use the HyperLogLog algorithm. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted HLL command...
FreeBSD : redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE (f11d0a69-5b2d-11f0-b507-000c295725e4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f11d0a69-5b2d-11f0-b507-000c295725e4 advisory. Seunghyun Lee reports: An authenticated user may use a specially crafted string to trigger a stack/heap...
PT-2025-28183
Name of the Vulnerable Software and Affected Versions: Redis versions 2.8 through 8.0.3, 7.4.5, 7.2.10, and 6.2.19. Valkey versions up to 8.1.3 and 8.0.4 are also affected. Description: Redis and Valkey are vulnerable to a heap-based buffer overflow in the HyperLogLog functionality. An...
redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE
Seunghyun Lee reports: An authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution...
RHEL 7 : redis (RHSA-2019:2630)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2630 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
RHEL 7 : redis (RHSA-2019:2506)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2506 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
RHEL 7 : redis (RHSA-2019:2621)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2621 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and...
SUSE CVE-2019-10193
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past...
SUSE CVE-2019-10192
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...
CVE-2019-10193
A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By corrupting a HyperLogLog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer...
CVE-2019-10192
A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...
Security fix for the ALT Linux 8 package redis version 3.0.7-alt2
3.0.7-alt2 built Nov. 27, 2019 Grigory Ustinov in task 241717 Nov. 26, 2019 Grigory Ustinov - Fixed hyperloglog corruption Fixes: CVE-2019-10192 Closes: 37533...
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system is that an operation can go beyond the bounds of a memory buffer. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system stems from a flaw in the HyperLogLog data structure when the SETRANGE command is executed. This command allows the addition of up to 12 bytes of information beyond the stack limit. Exploiting...
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system stems from a flaw in the HyperLogLog data structure when the SETRANGE command is executed. This flaw allows up to 3 bytes of information to be inserted beyond the buffer memory limit...
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system is that an operation can go beyond the bounds of a memory buffer. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system stems from a flaw in the HyperLogLog data structure. This flaw occurs when the SETRANGE command is executed, allowing up to 3 bytes of information to be written beyond the memory buffer...
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the HyperLogLog algorithm in the Redis in-memory NoSQL database management system stems from a flaw in the HyperLogLog data structure during the execution of the SETRANGE command. This flaw allows up to 12 bytes of information to be added beyond the stack limit. Exploiting...
Important: Red Hat Security Advisory: redis security update
An update for redis is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
redis: Heap buffer overflow in HyperLogLog triggered by malicious client
A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...
Important: Red Hat Security Advisory: redis security update
An update for redis is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
redis: Heap buffer overflow in HyperLogLog triggered by malicious client
A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...