Redis is vulnerable to arbitrary code execution. A heap-based buffer overflow in the handling of corrupted HyperLogLog data structures allows an attacker to execute arbitrary code: by carefully corrupting a HyperLogLog structure with the SETRANGE command, the attacker can trick the interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
www.securityfocus.com/bid/109290
access.redhat.com/errata/RHSA-2019:1819
access.redhat.com/errata/RHSA-2019:1860
access.redhat.com/errata/RHSA-2019:2002
access.redhat.com/errata/RHSA-2019:2506
access.redhat.com/errata/RHSA-2019:2508
access.redhat.com/errata/RHSA-2019:2621
access.redhat.com/errata/RHSA-2019:2630
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192
raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES
raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES
raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES
seclists.org/bugtraq/2019/Jul/19
security.gentoo.org/glsa/201908-04
usn.ubuntu.com/4061-1/
www.debian.org/security/2019/dsa-4480
www.oracle.com/security-alerts/cpujul2020.html