CRITICAL🇵🇱 Wersja polska

CVE-2016-8339

CVSS 9.8v3.1pub. 2016-10-28upd. 2026-05-06

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Redislabs Redis

    APP
    Redislabs
    3.2.03.2.13.2.23.2.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2018-11218CRITICAL9.8ten sam produkt

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x befo...

CVE-2018-11219CRITICAL9.8ten sam produkt

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4....

CVE-2017-15047CRITICAL9.8ten sam produkt

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-...

CVE-2020-21468HIGH7.5ten sam produkt

A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: th...

CVE-2021-32761HIGH7.5ten sam produkt

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer...