Redis

All CVEs

73 total · sorted by risk
  • CVE-2022-33105 · Jun 22, 2022
    risk 0.00 · cvss · epss 0.03

    Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

  • CVE-2022-24736 · Apr 27, 2022
    risk 0.00 · cvss · epss 0.01

    Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis…

  • CVE-2022-24735 · Apr 27, 2022
    risk 0.00 · cvss · epss 0.02

    Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another…

  • CVE-2021-41099 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.03

    Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default…

  • CVE-2021-32762 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.03

    Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the…

  • CVE-2021-32687 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.04

    Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability…

  • CVE-2021-32672 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.02

    Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging…

  • CVE-2021-32627 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.04

    Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and…

  • CVE-2021-32628 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.04

    Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the…

  • CVE-2021-32765 · Oct 4, 2021
    risk 0.00 · cvss · epss 0.02

    Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check…

  • CVE-2020-21468 · Sep 20, 2021
    risk 0.00 · cvss · epss 0.01

    A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DoS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7.

  • CVE-2021-32761 · Jul 21, 2021
    risk 0.00 · cvss · epss 0.31

    Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to…

  • CVE-2021-32625 · Jun 2, 2021
    risk 0.00 · cvss · epss 0.04

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote…

  • CVE-2021-29478 · May 4, 2021
    risk 0.00 · cvss · epss 0.04

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result in remote code execution. Redis 6.0 and…

  • CVE-2021-29477 · May 4, 2021
    risk 0.00 · cvss · epss 0.04

    Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result in remote…

  • CVE-2021-3470 · Mar 31, 2021
    risk 0.00 · cvss · epss 0.01

    A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to a potential out-of-bounds write or process crash. Effectively this flaw does not affect the vast majority…

  • CVE-2021-21309 · Feb 26, 2021
    risk 0.00 · cvss · epss 0.05

    Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result in remote code execution. Redis 4.0 or newer uses a…

  • CVE-2020-14147 · Jun 15, 2020
    risk 0.00 · cvss · epss 0.03

    An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox…

  • CVE-2020-7105 · Jan 16, 2020
    risk 0.00 · cvss · epss 0.03

    async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.

  • CVE-2013-0180 · Nov 1, 2019
    risk 0.00 · cvss · epss 0.00

    Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.

  • CVE-2013-0178 · Nov 1, 2019
    risk 0.00 · cvss · epss 0.00

    Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.

  • CVE-2016-2121 · Oct 31, 2018
    risk 0.00 · cvss · epss 0.00

    A permissions flaw was found in Redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.

  • CVE-2015-4335 · Jun 9, 2015
    risk 0.00 · cvss · epss 0.10

    Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

Page 2 of 2