1
Candidate: CVE-2016-8339
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8339
5
http://www.talosintelligence.com/reports/TALOS-2016-0206/
7
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code
8
execution when a crafted command is sent. An out of bounds write
9
vulnerability exists in the handling of the client-output-buffer-limit
10
option during the CONFIG SET command for the Redis data structure store. A
11
crafted CONFIG SET command can lead to an out of bounds write potentially
12
resulting in code execution.
15
leosilva> according with notes in upstream patch versions are affected
16
leosilva> only after 3.2.
23
patch: https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
24
upstream_redis: released (3:3.2.4-1)
25
precise_redis: ignored (reached end-of-life)
26
precise/esm_redis: DNE (precise was needs-triage)
27
trusty_redis: not-affected
28
vivid/stable-phone-overlay_redis: DNE
29
vivid/ubuntu-core_redis: DNE
30
xenial_redis: not-affected
31
yakkety_redis: ignored (reached end-of-life)
32
zesty_redis: ignored (reached end-of-life)
33
artful_redis: needs-triage
34
bionic_redis: needs-triage
35
devel_redis: needs-triage