Home CVE Database CVE-2015-8080

CVE-2015-8080

Description

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.

Priority: Medium
CVSS v3: 7.5
Publish Date: Apr 13, 2016
Related ID: --
CVSS v2: High
Modified Date: Apr 22, 2016

Find out more about CVE-2015-8080 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

redis

Live chat
Online