CVE-2017-15047

Priority
Low
Description
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers
to cause a denial of service (out-of-bounds array index and application
crash) or possibly have unspecified other impact by leveraging "limited
access to the machine."
Notes
 leosilva> code not present in trusty
 msalvatore> "All versions since 2.6.0-rc1 affected" ~ lamby Oct 9, 2017
 msalvatore> Despite this, the cluster.c file does not exist in trusty, nor
  does the function clusterLoadConfig().
Package
Source: redis (LP Ubuntu Debian)
Upstream: released (4:4.0.2-5)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): released-esm (2:3.0.6-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (5:4.0.9-1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (5:4.0.11-2)
Updated: 2018-08-16 14:14:26 UTC (commit 14dfc3b20e8029e5d341face603e8aa2d47cd055)