CVE-2016-10639

Name of the Vulnerable Software and Affected Versions redis-srvr versions (affected versions not specified)

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. If an attacker is positioned between the user and the remote server or has a privileged network position, they can potentially intercept the response and replace the executable with a malicious one. This could result in remote code execution (RCE) on the system running redis-srvr.

Recommendations Avoid using the redis-srvr package if possible, and consider using a different package instead. As a mitigation measure, reduce the risk of exploitation by not installing this package while connected to a public network. If installed on a private network, ensure that network security is maintained to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.