ubuntu · CVE-2016-8339

Quick triage

Priority: medium Published: 2016-10-28 14:59:00 UTC Updated: 2025-08-25 22:11:52 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-8339 medium priority: Ubuntu including 1 source packages (redis), 8 status rows across 8 suites (artful, bionic, precise, trusty, upstream, xenial, yakkety, zesty): ignored 4, not-affected 3, released 1.

Description:

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

cvelogic Threat Intelligence