CVE-2015-8080

by Fred · 13/04/2016

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.

Date published : 2016-04-13

http://www.securityfocus.com/bid/77507

https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES

CVE-2015-8080

Similar

Recent Posts

Categories

CVE-2015-8080

Share this:

Similar

Recent Posts

Categories

Tags