CVE-2017-15047

Priority
Description
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers
to cause a denial of service (out-of-bounds array index and application
crash) or possibly have unspecified other impact by leveraging "limited
access to the machine."
Notes
 leosilva> code not present in trusty
 msalvatore> "All versions since 2.6.0-rc1 affected" ~ lamby Oct 9, 2017
 msalvatore> Despite this, the cluster.c file does not exist in trusty, nor
  does the function clusterLoadConfig().
Package
Source: redis (LP Ubuntu Debian)
Upstream: released (4:4.0.2-5)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): released (2:3.0.6-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (5:4.0.9-1)
Ubuntu 18.10 (Cosmic Cuttlefish): not-affected (5:4.0.11-2)

Updated: 2019-01-14 22:29:33 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)