Vulnerability Change Records for CVE-2015-8080

Change History

Modified Analysis 6/27/2016 10:35:09 AM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     OR
          *cpe:2.3:a:pivotal_software:redis:3.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:2.8.23:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 1
     OR
          *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:pivotal_software:redis:3.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:3.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:pivotal_software:redis:2.8.23:*:*:*:*:*:*:* (and previous)

CVE Translated 4/23/2016 7:45:00 AM

Action Type Old Value New Value
Added Translation
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
Removed Translation
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows remote attackers to cause a denial of service (memory corruption and application crash) via a large number, which triggers a stack-based buffer overflow.

Modified Analysis 8/08/2018 9:52:38 AM

Action Type Old Value New Value
Changed CPE Configuration
OR
     *cpe:2.3:a:pivotal_software:redis:*:*:*:*:*:*:*:* versions up to (including) 2.8.23
     *cpe:2.3:a:pivotal_software:redis:3.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:pivotal_software:redis:3.0.1:*:*:*:*:*:*:*
     *cpe:2.3:a:pivotal_software:redis:3.0.2:*:*:*:*:*:*:*
     *cpe:2.3:a:pivotal_software:redis:3.0.3:*:*:*:*:*:*:*
     *cpe:2.3:a:pivotal_software:redis:3.0.4:*:*:*:*:*:*:*
     *cpe:2.3:a:pivotal_software:redis:3.0.5:*:*:*:*:*:*:*
OR
     *cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:* versions up to (including) 2.8.23
     *cpe:2.3:a:redislabs:redis:3.0.0:*:*:*:*:*:*:*
     *cpe:2.3:a:redislabs:redis:3.0.1:*:*:*:*:*:*:*
     *cpe:2.3:a:redislabs:redis:3.0.2:*:*:*:*:*:*:*
     *cpe:2.3:a:redislabs:redis:3.0.3:*:*:*:*:*:*:*
     *cpe:2.3:a:redislabs:redis:3.0.4:*:*:*:*:*:*:*
     *cpe:2.3:a:redislabs:redis:3.0.5:*:*:*:*:*:*:*
Changed CPE Configuration
OR
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
OR
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Changed Reference Type
http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html No Types Assigned
http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0095.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0095.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0096.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0096.html Third Party Advisory
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2016-0097.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2016-0097.html Third Party Advisory
Changed Reference Type
http://www.debian.org/security/2015/dsa-3412 No Types Assigned
http://www.debian.org/security/2015/dsa-3412 Third Party Advisory
Changed Reference Type
http://www.openwall.com/lists/oss-security/2015/11/06/2 No Types Assigned
http://www.openwall.com/lists/oss-security/2015/11/06/2 Mailing List, Third Party Advisory
Changed Reference Type
http://www.openwall.com/lists/oss-security/2015/11/06/4 No Types Assigned
http://www.openwall.com/lists/oss-security/2015/11/06/4 Mailing List, Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/77507 No Types Assigned
http://www.securityfocus.com/bid/77507 Third Party Advisory, VDB Entry
Changed Reference Type
https://github.com/antirez/redis/issues/2855 Exploit, Patch
https://github.com/antirez/redis/issues/2855 Exploit, Patch, Third Party Advisory
Changed Reference Type
https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES No Types Assigned
https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES Third Party Advisory
Changed Reference Type
https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES No Types Assigned
https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES Third Party Advisory
Changed Reference Type
https://security.gentoo.org/glsa/201702-16 No Types Assigned
https://security.gentoo.org/glsa/201702-16 Third Party Advisory

CVE Translated 4/22/2016 5:45:03 AM

Action Type Old Value New Value
Added Translation
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows remote attackers to cause a denial of service (memory corruption and application crash) via a large number, which triggers a stack-based buffer overflow.
Removed Translation
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.

CVE Translated 4/22/2016 4:45:00 AM

Action Type Old Value New Value
Added Translation
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
Removed Translation
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows remote attackers to cause a denial of service (memory corruption and application crash) via a large number, which triggers a stack memory-based buffer overflow.

CVE Modified by MITRE 6/30/2017 9:29:24 PM

Action Type Old Value New Value
Added Reference
https://security.gentoo.org/glsa/201702-16 [No Types Assigned]

CVE Modified by Source 4/15/2016 9:59:03 PM

Action Type Old Value New Value
Changed Description
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows remote attackers to cause a denial of service (memory corruption and application crash) via a large number, which triggers a stack-based buffer overflow.
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
Added Reference
http://rhn.redhat.com/errata/RHSA-2016-0095.html
Added Reference
http://rhn.redhat.com/errata/RHSA-2016-0097.html

CVE Modified by MITRE 11/30/2016 10:1:25 PM

Action Type Old Value New Value
Added Reference
http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html [No Types Assigned]

CVE Modified by Source 4/22/2016 9:59:01 PM

Action Type Old Value New Value
Changed Description
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows remote attackers to cause a denial of service (memory corruption and application crash) via a large number, which triggers a stack-based buffer overflow.
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
Added Reference
http://rhn.redhat.com/errata/RHSA-2016-0096.html

CVE Modified by MITRE 11/28/2016 2:45:59 PM

Action Type Old Value New Value
Added Reference
http://www.securityfocus.com/bid/77507 [No Types Assigned]

Initial CVE Analysis 4/18/2016 12:27:13 PM

Action Type Old Value New Value