Redis
by Redis
CVEs (72)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32761 | | | 0.00 | — | 0.31 | | Jul 21, 2021 | Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to… |
| CVE-2021-32625 | | | 0.00 | — | 0.04 | | Jun 2, 2021 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote… |
| CVE-2021-29478 | | | 0.00 | — | 0.04 | | May 4, 2021 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and… |
| CVE-2021-29477 | | | 0.00 | — | 0.04 | | May 4, 2021 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote… |
| CVE-2021-3470 | | | 0.00 | — | 0.01 | | Mar 31, 2021 | A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority… |
| CVE-2021-21309 | | | 0.00 | — | 0.05 | | Feb 26, 2021 | Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a… |
| CVE-2020-14147 | | | 0.00 | — | 0.03 | | Jun 15, 2020 | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox… |
| CVE-2020-7105 | | | 0.00 | — | 0.03 | | Jan 16, 2020 | async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. |
| CVE-2013-0180 | | | 0.00 | — | 0.00 | | Nov 1, 2019 | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. |
| CVE-2013-0178 | | | 0.00 | — | 0.00 | | Nov 1, 2019 | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. |
| CVE-2016-2121 | | | 0.00 | — | 0.00 | | Oct 31, 2018 | A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. |
| CVE-2015-4335 | | | 0.00 | — | 0.10 | | Jun 9, 2015 | Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. |
Page 4 of 4