VYPR

rpm package

opensuse/redis7&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/redis7&distro=openSUSE%20Leap%2015.5

Vulnerabilities (11)

  • CVE-2024-31449 (Oct 7, 2024)
    affected < 7.0.8-150500.3.12.1; fixed 7.0.8-150500.3.12.1

    Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis

  • CVE-2024-31228 (Oct 7, 2024)
    affected < 7.0.8-150500.3.12.1; fixed 7.0.8-150500.3.12.1

    Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL defini

  • CVE-2024-31227 (Oct 7, 2024)
    affected < 7.0.8-150500.3.12.1; fixed 7.0.8-150500.3.12.1

    Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6

  • CVE-2023-45145 (Oct 18, 2023)
    affected < 7.0.8-150500.3.9.1; fixed 7.0.8-150500.3.9.1

    Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of ti

  • CVE-2023-41053 (Sep 6, 2023)
    affected < 7.0.8-150500.3.6.1; fixed 7.0.8-150500.3.6.1

    Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or

  • CVE-2022-24834 (Jul 13, 2023)
    affected < 7.0.8-150500.3.3.1; fixed 7.0.8-150500.3.3.1

    Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua sc

  • CVE-2023-36824 (Jul 11, 2023)
    affected < 7.0.8-150500.3.3.1; fixed 7.0.8-150500.3.3.1

    Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execut

  • CVE-2023-28856 (Apr 18, 2023)
    affected < 7.0.8-150500.3.3.1; fixed 7.0.8-150500.3.3.1

    Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19.

  • CVE-2023-28425 (Mar 20, 2023)
    affected < 7.0.8-150500.3.3.1; fixed 7.0.8-150500.3.3.1

    Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

  • CVE-2023-25155 (Mar 2, 2023)
    affected < 7.0.8-150500.3.3.1; fixed 7.0.8-150500.3.3.1

    Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem

  • CVE-2022-36021 (Mar 1, 2023)
    affected < 7.0.8-150500.3.3.1; fixed 7.0.8-150500.3.3.1

    Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed i