A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
[ { "deprecated": false, "digest": { "length": 20691.0, "function_hash": "288492418366398193303725864291513460548" }, "signature_type": "Function", "target": { "file": "src/config.c", "function": "loadServerConfigFromString" }, "id": "CVE-2016-8339-6d6491f2", "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977", "signature_version": "v1" }, { "deprecated": false, "digest": { "length": 10836.0, "function_hash": "79753074659388814966259388123951702147" }, "signature_type": "Function", "target": { "file": "src/config.c", "function": "configSetCommand" }, "id": "CVE-2016-8339-755949fa", "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977", "signature_version": "v1" }, { "deprecated": false, "digest": { "line_hashes": [ "91929518650114403327479648356929727639", "303707289483299645619714070913754686532", "287044286968905208952100017543816714323", "28091040296025360747264416505429866000", "167937454072435407816312399222765377847", "149716668783901345383030198957770556016", "129673522462979996686646850885308060976", "146918925904832260602599581829556198245", "31366338915807168348761730859865025775" ], "threshold": 0.9 }, "signature_type": "Line", "target": { "file": "src/config.c" }, "id": "CVE-2016-8339-9da90dd0", "source": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977", "signature_version": "v1" } ]