CVE-2019-10192

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-10192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-10192
Related
Published
2019-07-11T19:15:12Z
Modified
2024-09-18T03:04:36.748823Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.

References

Affected packages

Alpine:v3.10 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.11 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.12 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.13 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.14 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.15 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.16 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.17 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.18 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.19 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.4-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0
4.0.13-r0

Alpine:v3.7 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.14-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.10-r0
4.0.11-r0

Alpine:v3.8 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.14-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0

Alpine:v3.9 / redis

Package

Name
redis
Purl
pkg:apk/alpine/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.14-r0

Affected versions

2.*

2.4.14-r0
2.4.14-r1
2.4.14-r2
2.4.16-r0
2.6.16-r0
2.6.17-r0
2.8.9-r0
2.8.9-r1
2.8.9-r2
2.8.10-r0
2.8.11-r0
2.8.12-r0
2.8.13-r0
2.8.14-r0
2.8.17-r0
2.8.19-r0

3.*

3.0.0-r0
3.0.0-r1
3.0.1-r0
3.0.2-r0
3.0.3-r0
3.0.4-r0
3.0.5-r0
3.0.5-r1
3.0.6-r0
3.0.7-r0
3.0.7-r1
3.2.0-r0
3.2.1-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.7-r0
3.2.8-r0
3.2.9-r0

4.*

4.0.2-r0
4.0.2-r1
4.0.5-r0
4.0.6-r0
4.0.8-r0
4.0.9-r0
4.0.9-r1
4.0.9-r2
4.0.10-r0
4.0.10-r1
4.0.11-r0
4.0.12-r0

Debian:11 / redis

Package

Name
redis
Purl
pkg:deb/debian/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5:5.0.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / redis

Package

Name
redis
Purl
pkg:deb/debian/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5:5.0.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / redis

Package

Name
redis
Purl
pkg:deb/debian/redis?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5:5.0.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Type
GIT
Repo
https://github.com/redis/redis
Events

Affected versions

4.*

4.0.0
4.0.1
4.0.10
4.0.11
4.0.12
4.0.13
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9