PT-2016-3851 · Redis+1

Kaeso +1 · Published 2015-12-03 · Updated 2026-05-18 · CVE-2015-8080

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Redis versions 2.8.x through 2.8.23
Redis versions 3.0.x through 3.0.5

Description

The issue is related to an integer overflow in the getnum function in lua_struct.c. This allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service, including memory corruption and application crash, or possibly bypass intended sandbox restrictions. The attack is triggered by a large number, which causes a stack-based buffer overflow.

Recommendations

For Redis versions 2.8.x through 2.8.23, update to version 2.8.24 or later.
For Redis versions 3.0.x through 3.0.5, update to version 3.0.6 or later.
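
As an added illustration of the bug class named in the description (not code from Redis or from this advisory), the C example below contrasts unchecked decimal accumulation of a size value with an overflow-checked parser. The function names and the sample input are assumptions constructed for this example, and the unchecked variant uses unsigned arithmetic (assumed 32-bit) so that its wraparound is well defined.

```c
#include <ctype.h>
#include <limits.h>
#include <stdio.h>

/* Unchecked accumulation of a decimal size taken from a format string.
 * Hypothetical helper: unsigned arithmetic makes the wraparound well
 * defined, so the effect of "a large number" can be observed safely. */
static unsigned int parse_size_unchecked(const char **fmt, unsigned int df) {
    if (!isdigit((unsigned char)**fmt)) return df;   /* no digits: default */
    unsigned int a = 0;
    do {
        a = a * 10u + (unsigned int)(*((*fmt)++) - '0');
    } while (isdigit((unsigned char)**fmt));
    return a;   /* may be far smaller than the number that was written */
}

/* Checked variant (hypothetical helper): returns 0 and stores the value
 * in *out, or returns -1 when the digits do not fit in an int. */
static int parse_size_checked(const char **fmt, int df, int *out) {
    if (!isdigit((unsigned char)**fmt)) { *out = df; return 0; }
    int a = 0;
    do {
        int d = **fmt - '0';
        /* a*10 + d <= INT_MAX  <=>  a <= (INT_MAX - d) / 10 */
        if (a > (INT_MAX - d) / 10) return -1;
        a = a * 10 + d;
        (*fmt)++;
    } while (isdigit((unsigned char)**fmt));
    *out = a;
    return 0;
}

int main(void) {
    const char *in = "4294967300";   /* constructed sample input */
    const char *p = in, *q = in;
    int v = 0;
    printf("unchecked: %u\n", parse_size_unchecked(&p, 1u));
    printf("checked:   %s\n",
           parse_size_checked(&q, 1, &v) ? "rejected" : "accepted");
    return 0;
}
```

A size that silently wraps to a small value passes later bounds logic that trusts it, which is why the checked variant rejects the input before any buffer is sized or indexed from it.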

Exploit

Fix

DoS

Integer Overflow


Weakness Enumeration

Related Identifiers

ALT-PU-2015-2155
ALT-PU-2020-1647
ALT-PU-2021-2093
ALT-PU-2023-4109
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2015-8080
DSA-3412-1
MGASA-2015-0472
OPENSUSE-SU-2024:11299-1
RHSA-2016:0095
RHSA-2016:0096
RHSA-2016:0097
SUSE-OU-2020:3291-1

Affected Products

Alt Linux
Redis