apk package
chainguard/redis-7.4-bitnami-compat
pkg:apk/chainguard/redis-7.4-bitnami-compat
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48367 | — | < 7.4.5-r0 | 7.4.5-r0 | Jul 7, 2025 | Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. | ||
| CVE-2025-32023 | — | < 7.4.5-r0 | 7.4.5-r0 | Jul 7, 2025 | Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote co | ||
| CVE-2024-51741 | — | < 7.4.2-r0 | 7.4.2-r0 | Jan 6, 2025 | Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. | ||
| CVE-2024-46981 | — | < 7.4.2-r0 | 7.4.2-r0 | Jan 6, 2025 | Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional worka | ||
| CVE-2022-3734 | — | < 7.4.7-r0 | 7.4.7-r0 | Oct 28, 2022 | A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit | ||
| CVE-2022-0543 | — | KEV | < 7.4.7-r0 | 7.4.7-r0 | Feb 18, 2022 | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
- CVE-2025-48367Jul 7, 2025affected < 7.4.5-r0fixed 7.4.5-r0
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
- CVE-2025-32023Jul 7, 2025affected < 7.4.5-r0fixed 7.4.5-r0
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote co
- CVE-2024-51741Jan 6, 2025affected < 7.4.2-r0fixed 7.4.2-r0
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
- CVE-2024-46981Jan 6, 2025affected < 7.4.2-r0fixed 7.4.2-r0
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional worka
- CVE-2022-3734Oct 28, 2022affected < 7.4.7-r0fixed 7.4.7-r0
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit
- affected < 7.4.7-r0fixed 7.4.7-r0
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.