Redis: All CVEs
73 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-33105 | 0.00 | — | 0.03 | Jun 22, 2022 | Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. |
| CVE-2022-24736 | 0.00 | — | 0.01 | Apr 27, 2022 | Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis… |
| CVE-2022-24735 | 0.00 | — | 0.02 | Apr 27, 2022 | Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another… |
| CVE-2021-41099 | 0.00 | — | 0.03 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default… |
| CVE-2021-32762 | 0.00 | — | 0.03 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the… |
| CVE-2021-32687 | 0.00 | — | 0.04 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability… |
| CVE-2021-32672 | 0.00 | — | 0.02 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging… |
| CVE-2021-32627 | 0.00 | — | 0.04 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and… |
| CVE-2021-32628 | 0.00 | — | 0.04 | Oct 4, 2021 | Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the… |
| CVE-2021-32765 | 0.00 | — | 0.02 | Oct 4, 2021 | Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `multi-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check… |
| CVE-2020-21468 | 0.00 | — | 0.01 | Sep 20, 2021 | A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 |
| CVE-2021-32761 | 0.00 | — | 0.31 | Jul 21, 2021 | Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to… |
| CVE-2021-32625 | 0.00 | — | 0.04 | Jun 2, 2021 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote… |
| CVE-2021-29478 | 0.00 | — | 0.04 | May 4, 2021 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and… |
| CVE-2021-29477 | 0.00 | — | 0.04 | May 4, 2021 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote… |
| CVE-2021-3470 | 0.00 | — | 0.01 | Mar 31, 2021 | A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority… |
| CVE-2021-21309 | 0.00 | — | 0.05 | Feb 26, 2021 | Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a… |
| CVE-2020-14147 | 0.00 | — | 0.03 | Jun 15, 2020 | An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox… |
| CVE-2020-7105 | 0.00 | — | 0.03 | Jan 16, 2020 | async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. |
| CVE-2013-0180 | 0.00 | — | 0.00 | Nov 1, 2019 | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. |
| CVE-2013-0178 | 0.00 | — | 0.00 | Nov 1, 2019 | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. |
| CVE-2016-2121 | 0.00 | — | 0.00 | Oct 31, 2018 | A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information. |
| CVE-2015-4335 | 0.00 | — | 0.10 | Jun 9, 2015 | Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. |