CVE-2016-8339

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-8339
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8339.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-8339
Published
2016-10-28T14:59:01Z
Modified
2025-10-17T08:34:33Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out-of-bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out-of-bounds write, potentially resulting in code execution.

Affected packages

Git / github.com/antirez/redis

Affected ranges

Type
GIT
Repo
https://github.com/antirez/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "digest": {
            "length": 20691.0,
            "function_hash": "288492418366398193303725864291513460548"
        },
        "signature_type": "Function",
        "target": {
            "file": "src/config.c",
            "function": "loadServerConfigFromString"
        },
        "id": "CVE-2016-8339-6d6491f2",
        "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "digest": {
            "length": 10836.0,
            "function_hash": "79753074659388814966259388123951702147"
        },
        "signature_type": "Function",
        "target": {
            "file": "src/config.c",
            "function": "configSetCommand"
        },
        "id": "CVE-2016-8339-755949fa",
        "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "digest": {
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "src/config.c"
        },
        "id": "CVE-2016-8339-9da90dd0",
        "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977",
        "signature_version": "v1"
    }
]

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
0 Unknown introduced commit / All previous commits are affected