[3.3] redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow (CVE-2015-8080)
It was found that the getnum() function in lua_struct.c is vulnerable to an integer overflow that can be used to trigger a stack-based buffer overflow. getnum() can be tricked into an integer wraparound with a large size number as input, thus returning a negative value.

This affects all released versions of redis in both 2.8 and 3.0. 2.8.23 and 3.0.5 are affected.
(from redmine: issue id 4944, created on 2015-12-10, closed on 2015-12-19)
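
The wraparound described above, as an added example that is not redis or Lua code: a simplified model of a decimal size parser in an unchecked and an overflow-checked form. The function names, the 32-bit width, the default of 1 and the limit of 32 are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked decimal parser (model). The accumulator is unsigned so the
   wraparound is well-defined C; the result is then read as signed 32-bit. */
static int32_t parse_unchecked(const char **fmt, int32_t df) {
    if (!isdigit((unsigned char)**fmt))
        return df;                      /* no number: return the default */
    uint32_t a = 0;
    do {
        a = a * 10u + (uint32_t)(*((*fmt)++) - '0');
    } while (isdigit((unsigned char)**fmt));
    return a <= (uint32_t)INT32_MAX ? (int32_t)a
                                    : (int32_t)((int64_t)a - 4294967296LL);
}

/* Hardened form: reject the digit that would exceed INT32_MAX.
   Returns 0 and stores the value in *out, or -1 on overflow. */
static int parse_checked(const char **fmt, int32_t df, int32_t *out) {
    if (!isdigit((unsigned char)**fmt)) { *out = df; return 0; }
    int32_t a = 0;
    do {
        int32_t d = **fmt - '0';
        if (a > (INT32_MAX - d) / 10)
            return -1;
        a = a * 10 + d;
        (*fmt)++;
    } while (isdigit((unsigned char)**fmt));
    *out = a;
    return 0;
}

/* Hypothetical caller-side size checks; the limit 32 is an assumed value. */
static int upper_bound_only(int32_t n) { return n <= 32; }      /* negatives pass */
static int full_range(int32_t n) { return n >= 1 && n <= 32; }  /* negatives fail */

/* Convenience wrappers over a plain string, default value 1 (assumed). */
static int32_t unchecked_value(const char *s) { return parse_unchecked(&s, 1); }
static int checked_status(const char *s) { int32_t v = 0; return parse_checked(&s, 1, &v); }

int main(void) {
    /* Constructed inputs: one small, the signed 32-bit maximum, two that wrap. */
    const char *in[] = { "16", "2147483647", "2147483648", "4294967295" };
    for (int i = 0; i < 4; i++) {
        int32_t u = unchecked_value(in[i]);
        printf("%-10s unchecked=%-11d upper_only=%d full_range=%d checked_rc=%d\n",
               in[i], (int)u, upper_bound_only(u), full_range(u), checked_status(in[i]));
    }
    return 0;
}
```

A wrapped value passes a check that only tests the upper bound, which is why the parser itself has to reject the overflow or every caller has to test the lower bound as well.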
- parent #4943 (closed)
- Revision 143427d6 by Natanael Copa on 2015-12-16T12:37:55Z:
main/redis: security fix for CVE-2015-8080 ref #4943 fixes #4944