CVE-2017-15047

Priority
Description
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers
to cause a denial of service (out-of-bounds array index and application
crash) or possibly have unspecified other impact by leveraging "limited
access to the machine."
Notes
leosilva: code not present in trusty
msalvatore: "All versions since 2.6.0-rc1 affected" ~ lamby Oct 9, 2017
Despite this, the cluster.c file does not exist in trusty, nor
does the function clusterLoadConfig().
Package
Source: redis (LP Ubuntu Debian)
Upstream: released (4:4.0.2-5)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected ([code not present])
Ubuntu 16.04 LTS (Xenial Xerus): released (2:3.0.6-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (5:4.0.9-1)
More Information

Updated: 2020-01-29 19:58:28 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)