VYPR

apk package

chainguard/redis-6.2.10-benchmark

pkg:apk/chainguard/redis-6.2.10-benchmark

Vulnerabilities (7)

  • CVE-2023-45145, Oct 18, 2023
    affected < 6.2.10-r40, fixed 6.2.10-r40

    Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of ti

  • CVE-2022-24834, Jul 13, 2023
    affected < 6.2.10-r40, fixed 6.2.10-r40

    Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua sc

  • CVE-2023-28856, Apr 18, 2023
    affected < 6.2.10-r40, fixed 6.2.10-r40

    Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19.

  • CVE-2023-25155, Mar 2, 2023
    affected < 6.2.10-r40, fixed 6.2.10-r40

    Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem

  • CVE-2022-36021, Mar 1, 2023
    affected < 6.2.10-r40, fixed 6.2.10-r40

    Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed i

  • CVE-2022-3734, Oct 28, 2022
    affected < 6.2.10-r40, fixed 6.2.10-r40

    A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit

  • CVE-2022-0543, KEV, Feb 18, 2022
    affected < 6.2.10-r40, fixed 6.2.10-r40

    It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.