rpm package
suse/redis&distro=SUSE Package Hub 12
pkg:rpm/suse/redis&distro=SUSE%20Package%20Hub%2012
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14147 | — | < 4.0.14-bp151.3.6.1 | 4.0.14-bp151.3.6.1 | Jun 15, 2020 | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restri | ||
| CVE-2016-10517 | Hig | 7.4 | < 4.0.2-9.1 | 4.0.2-9.1 | Oct 24, 2017 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | |
| CVE-2017-15047 | Cri | 9.8 | < 4.0.6-12.1 | 4.0.6-12.1 | Oct 6, 2017 | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." | |
| CVE-2013-7458 | Low | 3.3 | < 3.0.7-6.1 | 3.0.7-6.1 | Aug 10, 2016 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. |
- CVE-2020-14147Jun 15, 2020affected < 4.0.14-bp151.3.6.1fixed 4.0.14-bp151.3.6.1
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restri
- affected < 4.0.2-9.1fixed 4.0.2-9.1
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
- affected < 4.0.6-12.1fixed 4.0.6-12.1
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
- affected < 3.0.7-6.1fixed 3.0.7-6.1
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.