Overview

Talos is disclosing TALOS-2016-0206/CVE-2016-8339, an out-of-bounds write vulnerability in Redis. Redis is a simple in-memory data structure store using a key-value model. Redis has been growing in popularity due to its ability to handle problems that other databases can't solve or are inherently slow at. This particular vulnerability exists in the handling of the `client-output-buffer-limit` option during the `CONFIG SET` command for the Redis data structure store. A crafted `CONFIG SET` command can lead to an out-of-bounds write, potentially resulting in code execution.

Details

An out-of-bounds write vulnerability exists during the modification of the `client-output-buffer-limit` option using the `CONFIG SET` command. The required syntax for setting the `client-output-buffer-limit` option is shown below.
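
As an added example (not part of the Talos advisory or of Redis itself), the following audit check decodes a RESP-encoded command and flags `CONFIG SET client-output-buffer-limit` values that depart from the `<class> <hard limit> <soft limit> <soft seconds>` grouping documented in redis.conf. The function names, the class allowlist and the sample commands are assumptions constructed for illustration.

```python
import re

# Class names documented in redis.conf ("replica" is the newer name for
# "slave"); treating them as an allowlist is this example's assumption.
CLASSES = {"normal", "slave", "replica", "pubsub"}
MEM = re.compile(r"[0-9]+(b|k|kb|m|mb|g|gb)?", re.I)  # e.g. 0, 256mb, 64k

def encode(*parts):
    """Build a RESP array of bulk strings (used for the constructed samples)."""
    body = b"".join(b"$%d\r\n%s\r\n" % (len(p), p.encode()) for p in parts)
    return b"*%d\r\n" % len(parts) + body

def parse_resp(data):
    """Decode one RESP array of bulk strings, honouring the length prefixes."""
    if not data.startswith(b"*"):
        raise ValueError("not a RESP array")
    pos = data.index(b"\r\n")
    count, pos, args = int(data[1:pos]), pos + 2, []
    for _ in range(count):
        end = data.index(b"\r\n", pos)
        if data[pos:pos + 1] != b"$":
            raise ValueError("expected bulk string")
        size, start = int(data[pos + 1:end]), end + 2
        if start + size > len(data):
            raise ValueError("truncated bulk string")
        args.append(data[start:start + size].decode("latin-1"))
        pos = start + size + 2
    return args

def audit_config_set(args):
    """None if not the targeted command, else a list of syntax findings."""
    if [a.lower() for a in args[:3]] != ["config", "set", "client-output-buffer-limit"]:
        return None
    fields, findings = " ".join(args[3:]).split(), []
    if not fields or len(fields) % 4:
        findings.append("value is not a multiple of four fields")
    for i in range(0, len(fields) - len(fields) % 4, 4):
        cls, hard, soft, secs = fields[i:i + 4]
        if cls.lower() not in CLASSES:
            findings.append(f"unknown class {cls!r}")
        if not (MEM.fullmatch(hard) and MEM.fullmatch(soft)):
            findings.append(f"bad limit in {cls!r} group")
        if not re.fullmatch(r"[0-9]+", secs):
            findings.append(f"bad soft seconds in {cls!r} group")
    return findings

# Constructed sample commands, not captured traffic.
GOOD = encode("CONFIG", "SET", "client-output-buffer-limit",
              "normal 0 0 0 pubsub 32mb 8mb 60")
BAD = encode("CONFIG", "SET", "client-output-buffer-limit", "backup 0 0 0")
```

An empty list means the value matches the documented syntax; any finding is a reason to reject or log the command before it reaches an unpatched server.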

Coverage

The following Snort Rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort Rule: 40301