CVE-2016-8339

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-8339
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-8339.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-8339
Downstream
Related
Published
2016-10-28T14:59:01Z
Modified
2025-10-26T11:35:10Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
6d9f8e2462fc2c426d48c941edeb78e5df7d2977

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
        "target": {
            "function": "loadServerConfigFromString",
            "file": "src/config.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-8339-6d6491f2",
        "digest": {
            "length": 20691.0,
            "function_hash": "288492418366398193303725864291513460548"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
        "target": {
            "function": "configSetCommand",
            "file": "src/config.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-8339-755949fa",
        "digest": {
            "length": 10836.0,
            "function_hash": "79753074659388814966259388123951702147"
        },
        "signature_type": "Function"
    },
    {
        "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
        "target": {
            "file": "src/config.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2016-8339-9da90dd0",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "91929518650114403327479648356929727639",
                "303707289483299645619714070913754686532",
                "287044286968905208952100017543816714323",
                "28091040296025360747264416505429866000",
                "167937454072435407816312399222765377847",
                "149716668783901345383030198957770556016",
                "129673522462979996686646850885308060976",
                "146918925904832260602599581829556198245",
                "31366338915807168348761730859865025775"
            ]
        },
        "signature_type": "Line"
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected