PT-2016-7496 · Redis · Redis

Cory Duplantis · Published 2016-10-28 · Updated 2024-06-15 · CVE-2016-8339

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Redis versions 3.2.x prior to 3.2.4

Description: A buffer overflow in Redis causes arbitrary code execution when a crafted command is sent. An out-of-bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out-of-bounds write, potentially resulting in code execution.

Recommendations: For Redis versions 3.2.x prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CONFIG SET command to minimize the risk of exploitation. Avoid using the client-output-buffer-limit option in the CONFIG SET command until the issue is resolved.
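A detection check for the workaround above, added here as an example that is not part of the advisory or of Redis: it scans Redis MONITOR output for any CONFIG SET of client-output-buffer-limit, so that use of the option can be spotted (and traced to a client) while instances are still on 3.2.x below 3.2.4. The MONITOR line layout is real; the sample lines and addresses are constructed.

```python
import re
import shlex

# Redis MONITOR prints one line per command:
#   <unix_ts> [<db> <client_ip>:<port>] "CMD" "arg1" "arg2" ...
MONITOR_LINE = re.compile(
    r'^(?P<ts>\d+\.\d+)\s+\[(?P<db>\d+)\s+(?P<client>[^\]]+)\]\s+(?P<argv>.*)$'
)
TARGET_OPTION = "client-output-buffer-limit"

def parse_monitor_line(line):
    """Split one MONITOR line into (timestamp, db, client, argv); None if it is not MONITOR output."""
    m = MONITOR_LINE.match(line.strip())
    if not m:
        return None
    # Arguments are double-quoted with backslash escapes; shlex unquotes them.
    argv = shlex.split(m.group("argv"))
    return m.group("ts"), int(m.group("db")), m.group("client"), argv

def is_config_set_cobl(argv):
    """True for CONFIG SET client-output-buffer-limit; command and option names are case-insensitive."""
    return (len(argv) >= 3
            and argv[0].upper() == "CONFIG"
            and argv[1].upper() == "SET"
            and argv[2].lower() == TARGET_OPTION)

def find_config_set_cobl(lines):
    """Return every CONFIG SET client-output-buffer-limit in a MONITOR stream, with time and client."""
    hits = []
    for line in lines:
        parsed = parse_monitor_line(line)
        if parsed is None:
            continue  # "OK" banner, blank line or other non-command output
        ts, _db, client, argv = parsed
        if is_config_set_cobl(argv):
            hits.append({"ts": ts, "client": client, "args": argv[3:]})
    return hits

# Constructed sample of MONITOR output (not captured from a real instance).
SAMPLE_MONITOR = """\
OK
1477648000.101 [0 10.0.0.5:51234] "SET" "k" "v"
1477648000.202 [0 10.0.0.5:51234] "CONFIG" "GET" "maxmemory"
1477648000.303 [0 198.51.100.7:40001] "config" "set" "Client-Output-Buffer-Limit" "normal 0 0 0"
1477648000.404 [0 10.0.0.5:51234] "GET" "k"
"""
```

Calling find_config_set_cobl(SAMPLE_MONITOR.splitlines()) returns the single hit from 198.51.100.7:40001; CONFIG GET of the same option is deliberately not flagged, since only SET reaches the affected code path named in the description.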

Exploit · Fix · Memory Corruption


Weakness Enumeration

Related Identifiers

CVE-2016-8339
OPENSUSE-SU-2024:10552-1
SUSE-OU-2020:3291-1

Affected Products

Redis