136 matches found
BIT-REDIS-2022-35977 Integer overflow in certain command arguments can drive Redis to OOM panic
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...
BIT-REDIS-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...
BIT-REDIS-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
BIT-REDIS-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
BIT-REDIS-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...
BIT-REDIS-2023-36824 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several...
BIT-REDIS-2023-41053 Redis SORT_RO may bypass ACL configuration
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORTRO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been...
Fedora 39 : redis (2024-6ef42a28c9)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6ef42a28c9 advisory. Redis 7.2.4 Released Tue 09 Jan 2024 10:45:52 IST Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-41056 In some cases,...
Oracle TimesTen 22.x < 22.1.1.7.0 Multiple Vulnerabilities (July 2023 CPU)
The version of Oracle TimesTen installed on the remote host is 22.x prior to 22.1.1.7.0. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory - Vulnerability in Oracle TimesTen In-Memory Database component: TimesTen IMDB Dell BSAFE Micro Edition Suite...
CVE-2023-41056
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...
Oracle TimesTen In-Memory Database Installed (Windows)
Binary data oracletimestenimdbwininstalled.nbin...
Oracle TimesTen In-Memory Database Installed (Linux / Unix)
Binary data oracletimestenimdbnixinstalled.nbin...
BIT-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
Fedora 38 : redis (2023-77ed1e26a4)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-77ed1e26a4 advisory. Redis 7.0.14 Released Wed 18 Oct 2023 10:33:40 IDT Upgrade urgency SECURITY: See security fixes below. Security fixes CVE-2023-45145 The wrong order...
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145
CVE-2023-45145 affects Redis: on startup Redis opens a Unix socket before applying configured permissions, enabling a brief race condition if umask is permissive. The issue has been fixed in Redis 7.2.2, 7.0.14, and 6.2.14. Connected advisories (Astra Linux, Amazon Linux variants, Debian DLA) cor...
CVE-2023-45145 Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask2 is used, this creates a race condition that enables, during a short period of time, another process...
Amazon Linux 2 : redis (ALASREDIS6-2023-005)
The version of redis installed on the remote host is prior to 6.2.5-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-005 advisory. Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffe...