Critical severity9.8NVD Advisory· Published Oct 28, 2016· Updated Jun 17, 2026
CVE-2016-8339
CVE-2016-8339
Description
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:redislabs:redis:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redislabs:redis:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:redislabs:redis:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:redislabs:redis:3.2.3:*:*:*:*:*:*:*
- (no CPE)range: <3.2.4
- (no CPE)range: 3.2.x prior to 3.2.4
- osv-coords2 versionspkg:rpm/opensuse/redis&distro=openSUSE%20Tumbleweedpkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2
< 3.2.4-1.1+ 1 more
- (no CPE)range: < 3.2.4-1.1
- (no CPE)range: < 6.0.8-1.3.1
Patches
Vulnerability mechanics
References
4- github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977nvdPatchThird Party Advisory
- www.talosintelligence.com/reports/TALOS-2016-0206/nvdExploitThird Party Advisory
- www.securityfocus.com/bid/93283nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201702-16nvdThird Party Advisory
News mentions
0No linked articles in our index yet.