{"id":"CVE-2017-15047","details":"The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging \"limited access to the machine.\"","modified":"2026-04-16T06:17:35.176362179Z","published":"2017-10-06T04:29:00.340Z","related":["SUSE-OU-2020:3291-1","openSUSE-SU-2018:0225-1","openSUSE-SU-2018:0228-1","openSUSE-SU-2024:11299-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202008-17"},{"type":"FIX","url":"https://github.com/antirez/redis/issues/4278"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"0"},{"last_affected":"44053df0a469103cd27bee419b51ac6a62984b5d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.2"}]}}],"versions":["1.3.6","2.2-alpha0","2.2-alpha1","2.2-alpha2","2.2-alpha3","2.2-alpha4","2.2-alpha5","2.2-alpha6","2.2.0-rc1","2.3-alpha0","4.0-rc1","4.0-rc2","4.0-rc3","4.0.0","4.0.1","4.0.2","v1.3.10","v1.3.11","v1.3.7","v1.3.8","v1.3.9","v2.0.0-rc1","v2.1.1-watch","vm-playpen"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}