Latest redis redis Vulnerabilities

Redis vulnerable to integer overflow in certain payloads
Redis Redis>=7.0.9<7.0.15
Redis Redis>=7.2.0<7.2.4
Fedoraproject Fedora=38
Fedoraproject Fedora=39
Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
ubuntu/redis<2:2.8.4-2ubuntu0.2+
ubuntu/redis<2:3.0.6-1ubuntu0.4+
ubuntu/redis<5:4.0.9-1ubuntu0.2+
ubuntu/redis<5:5.0.7-2ubuntu0.1+
ubuntu/redis<5:6.0.16-1ubuntu1+
ubuntu/redis<7.2.2
and 9 more
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not ex...
Redis Redis>=7.0<7.0.13
Redis Redis=7.2.0
Redis Redis=7.2.0-rc1
Redis Redis=7.2.0-rc2
Redis Redis=7.2.0-rc3
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and ...
Redis Redis<6.2.0
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentiall...
Redis Redis>=2.6.0<6.0.20
Redis Redis>=6.2.0<6.2.13
Redis Redis>=7.0.0<7.0.12
Fedoraproject Fedora=37
Fedoraproject Fedora=38
IBM Planning Analytics<=2.0
and 7 more
Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result i...
Redis Redis>=7.0.0<7.0.12
Fedoraproject Fedora=37
Fedoraproject Fedora=38
Redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Redis Redis=7.0.10
Redis is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted HINCRBYFLOAT command, a local authenticated attacker could exploit this vulnerability to...
Redis Redis<6.0.19
Redis Redis>=6.2.0<6.2.12
Redis Redis>=7.0.0<7.0.11
Debian Debian Linux=10.0
Fedoraproject Fedora=36
Fedoraproject Fedora=37
and 12 more
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and terminati...
Redis Redis>=7.0.8<7.0.10
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting i...
Redis Redis<6.0.18
Redis Redis>=6.2.0<6.2.11
Redis Redis>=7.0.0<7.0.9
IBM Planning Analytics<=2.0
ubuntu/redis<6.0.18<6.2.11<7.0.9
ubuntu/redis<5:4.0.9-1ubuntu0.2+
and 5 more
Redis is vulnerable to a denial of service, caused by a flaw in the string pattern matching functionality. By using the string matching commands (such as SCAN or KEYS) with a specially-crafted pattern...
Redis Redis<6.0.18
Redis Redis>=6.2.0<6.2.11
Redis Redis>=7.0.0<7.0.9
IBM Planning Analytics<=2.0
ubuntu/redis<5:4.0.9-1ubuntu0.2+
ubuntu/redis<6.0.18<6.2.11<7.0.9
and 5 more
Redis is vulnerable to a denial of service, caused by an integer overflow. By sending specially crafted HRANDFIELD and ZRANDMEMBER commands, a local authenticated attacker could exploit this vulnerabi...
Redis Redis>=6.2.0<6.2.9
Redis Redis>=7.0.0<7.0.8
IBM Planning Analytics<=2.0
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting in Redis attempting...
Redis Redis>=6.0.0<6.0.17
Redis Redis>=6.2.0<6.2.9
Redis Redis>=7.0.0<7.0.8
IBM Planning Analytics<=2.0
ubuntu/redis<7.0.8
ubuntu/redis<5:4.0.9-1ubuntu0.2+
and 5 more
** DISPUTED ** A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The ma...
Redis Redis
Redis Crash Report debug.c sigsegvHandler denial of service
Redis Redis<2022-09-29
<6.2.8
>=7.0.0<7.0.6
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific st...
Redis Redis>=7.0.0<7.0.5
Fedoraproject Fedora=37
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in heap overflow, and potentially remote code execution....
Redis Redis>=7.0<7.0.4
Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
Redis Redis=7.0
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua ...
Redis Redis<6.2.7
Redis Redis=7.0-rc1
Redis Redis=7.0-rc2
Redis Redis=7.0-rc3
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 6 more
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will res...
Redis Redis<6.2.7
Redis Redis=7.0-rc1
Redis Redis=7.0-rc2
Redis Redis=7.0-rc3
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 6 more
Debian-specific Redis Server Lua Sandbox Escape Vulnerability
debian/redis<=5:5.0.14-1+deb10u1<=5:5.0.3-4<=5:6.0.15-1
Redis Redis
Canonical Ubuntu Linux=20.04
Canonical Ubuntu Linux=21.10
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 3 more
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large...
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=33
and 8 more
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which dete...
redhat/redis<6.2.6
redhat/redis<6.0.16
redhat/redis<5.0.14
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
and 13 more
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to inc...
redhat/redis<6.2.6
redhat/redis<6.0.16
redhat/redis<5.0.14
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=2.6<5.0.14
and 13 more
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrar...
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Fedoraproject Fedora=33
and 13 more
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond th...
Redis Redis>=3.2.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Redhat Software Collections
Redhat Enterprise Linux=8.0
Debian Debian Linux=10.0
and 10 more
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentia...
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 10 more
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of servic...
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
Redis Redis>=6.0.0<6.0.16
Redis Redis>=6.2.0<6.2.6
Fedoraproject Fedora=33
and 9 more
Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code ex...
redhat/redis<6.2.6
redhat/redis<6.0.16
redhat/redis<5.0.14
redhat/redis<0:3.2.8-5.el7
redhat/rh-redis5-redis<0:5.0.5-3.el7
Redis Redis>=5.0.0<5.0.14
and 13 more
© 2024 SecAlerts Pty Ltd.