rpm package
suse/redis&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-45145 | — | | | < 6.0.14-150200.6.29.1 | 6.0.14-150200.6.29.1 | Oct 18, 2023 | Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of ti |
| CVE-2022-24834 | — | | | < 6.0.14-150200.6.26.1 | 6.0.14-150200.6.26.1 | Jul 13, 2023 | Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua sc |
| CVE-2023-28856 | — | | | < 6.0.14-150200.6.26.1 | 6.0.14-150200.6.26.1 | Apr 18, 2023 | Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. |
| CVE-2023-25155 | — | | | < 6.0.14-150200.6.20.1 | 6.0.14-150200.6.20.1 | Mar 2, 2023 | Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem |
| CVE-2022-36021 | — | | | < 6.0.14-150200.6.20.1 | 6.0.14-150200.6.20.1 | Mar 1, 2023 | Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed i |
| CVE-2022-35977 | — | | | < 6.0.14-150200.6.17.1 | 6.0.14-150200.6.17.1 | Jan 20, 2023 | Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) |