CVE-2016-10517

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-10517
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10517.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-10517
Downstream
Related
Published
2017-10-24T18:29:00.197Z
Modified
2026-02-21T00:26:58.581657Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).

References

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
874804da0c014a7d704b3d285aa500098a931f50

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10517.json"
vanir_signatures 
[
    {
        "target": {
            "file": "src/server.c"
        },
        "digest": {
            "line_hashes": [
                "124880604520077166671741876553448855320",
                "17607989238585627192006328325640026296",
                "316040378880908604113778517788260677767",
                "93458149514543909809984600211885125528"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2016-10517-34fc378b",
        "source": "https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/server.h"
        },
        "digest": {
            "line_hashes": [
                "293441393269233123675708999680469895646",
                "70362983986487224871491241103974749383",
                "205390326808090795749215624981622578027",
                "304632248323533289008649620454653853583"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2016-10517-8b5e18a9",
        "source": "https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/networking.c"
        },
        "digest": {
            "line_hashes": [
                "163148284592519125185901164272060612753",
                "70451653832058093279536878907119473300",
                "215185346124952849263144259165636240912",
                "100079807825566757584135242790465355990",
                "199479240253159866632050854038291740593",
                "245006625046125700008417689478308844302",
                "96178466864819807631888675772326466251"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2016-10517-c30ff40c",
        "source": "https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50",
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "target": {
            "file": "src/networking.c",
            "function": "processInputBuffer"
        },
        "digest": {
            "length": 876.0,
            "function_hash": "152124302612145123004825358630729190358"
        },
        "signature_type": "Function",
        "id": "CVE-2016-10517-f00326f7",
        "source": "https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50",
        "deprecated": false,
        "signature_version": "v1"
    }
]