apk package
chainguard/redis-cluster-6.2-bitnami-compat
pkg:apk/chainguard/redis-cluster-6.2-bitnami-compat
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46981 | — | < 6.2.17-r0 | 6.2.17-r0 | Jan 6, 2025 | Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional worka | ||
| CVE-2024-31449 | — | < 6.2.16-r0 | 6.2.16-r0 | Oct 7, 2024 | Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis | ||
| CVE-2024-31228 | — | < 6.2.16-r0 | 6.2.16-r0 | Oct 7, 2024 | Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL defini | ||
| CVE-2023-41056 | — | < 0 | 0 | Jan 10, 2024 | Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. | ||
| CVE-2022-3734 | — | < 0 | 0 | Oct 28, 2022 | A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit | ||
| CVE-2022-3647 | — | < 0 | 0 | Oct 21, 2022 | ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather | ||
| CVE-2022-0543 | — | KEV | < 0 | 0 | Feb 18, 2022 | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. |
- CVE-2024-46981Jan 6, 2025affected < 6.2.17-r0fixed 6.2.17-r0
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional worka
- CVE-2024-31449Oct 7, 2024affected < 6.2.16-r0fixed 6.2.16-r0
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis
- CVE-2024-31228Oct 7, 2024affected < 6.2.16-r0fixed 6.2.16-r0
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL defini
- CVE-2023-41056Jan 10, 2024affected < 0fixed 0
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
- CVE-2022-3734Oct 28, 2022affected < 0fixed 0
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit
- CVE-2022-3647Oct 21, 2022affected < 0fixed 0
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather
- affected < 0fixed 0
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.