
136 matches found

OSV
added 2023/03/20 7:3 p.m., 31 views

CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

CVSS 5.5, AI score 4.3, EPSS 0.54978
Exploits 0, References 6
Prion
added 2023/03/02 4:15 a.m., 31 views

Integer overflow

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

CVSS 4, AI score 6.5, EPSS 0.00902
Exploits 0, References 5, Affected Software 1
CVE
added 2023/03/02 3:1 a.m., 217 views

CVE-2023-25155

Redis is affected by CVE-2023-25155 via authenticated SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD usage, which can trigger an integer overflow and cause Redis to terminate due to an assertion. Patches are available in Redis 6.0.18, 6.2.11, and 7.0.9. Upgrading to these versions (or newer) is the adv...

CVSS 6.5, AI score 6.2, EPSS 0.00902
Exploits 0, References 5, Affected Software 1
Debian CVE
added 2023/03/02 3:1 a.m., 51 views

CVE-2023-25155

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

CVSS 6.5, AI score 5.7, EPSS 0.00902
Exploits 0
UbuntuCve
added 2023/03/01 4:15 p.m., 51 views

CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

CVSS 5.5, AI score 6.3, EPSS 0.59706
Exploits 0, References 3
Prion
added 2023/03/01 4:15 p.m., 38 views

Design/Logic Flaw

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

CVSS 1.7, AI score 5.5, EPSS 0.59706
Exploits 0, References 2, Affected Software 1
NVD
added 2023/01/20 7:15 p.m., 27 views

CVE-2023-22458

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

CVSS 5.5, AI score 6.9, EPSS 0.69355
Exploits 0, References 4
AlpineLinux
added 2023/01/20 6:19 p.m., 27 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...

CVSS 5.5, AI score 5.8, EPSS 0.33269
Exploits 0
OSV
added 2023/01/20 6:19 p.m., 33 views

CVE-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

CVSS 5.5, AI score 5.4, EPSS 0.69355
Exploits 0, References 6
CVE
added 2023/01/20 6:19 p.m., 276 views

CVE-2023-22458

CVE-2023-22458 affects Redis: authenticated users can issue HRANDFIELD or ZRANDMEMBER with specially crafted arguments to trigger a denial-of-service via assertion failure. Affected versions are Redis 6.2.x (6.2 up to but not including 6.2.9) and 7.0.x (7.0 up to but not including 7.0.8). Remedia...

CVSS 5.5, AI score 5.7, EPSS 0.69355
Exploits 0, References 4, Affected Software 1
AlpineLinux
added 2023/01/20 6:19 p.m., 29 views

CVE-2023-22458

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

CVSS 5.5, AI score 5.9, EPSS 0.69355
Exploits 0
Tenable Nessus
added 2022/11/19 12:0 a.m., 34 views

AlmaLinux 9 : redis (ALSA-2022:8096)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis...

CVSS 7.8, AI score 6.9, EPSS 0.02189
Exploits 2, References 3
Tenable Nessus
added 2022/11/12 12:0 a.m., 45 views

AlmaLinux 8 : redis:6 (ALSA-2022:7541)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7541 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has extracted...

CVSS 7.8, AI score 6.7, EPSS 0.02189
Exploits 2, References 3
NVD
added 2022/09/23 4:15 a.m., 17 views

CVE-2022-35951

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...

CVSS 9.8, EPSS 0.02742
Exploits 0, References 4
CVE
added 2022/09/23 12:0 a.m., 145 views

CVE-2022-35951

Redis 7.0.0–7.0.4 are vulnerable to an integer overflow in the XAUTOCLAIM handling on a stream key with a crafted COUNT, which can cause a heap overflow and potentially remote code execution. The issue is fixed in Redis 7.0.5; upgrades to 7.0.5 or later are recommended. Affected versions and the ...

CVSS 9.8, AI score 8.5, EPSS 0.02742
Exploits 0, References 4, Affected Software 1
Fedora
added 2022/07/30 1:57 a.m., 16 views

[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-6.fc36

The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...

AI score 7.2
Exploits 0
AlpineLinux
added 2022/07/19 8:15 p.m., 36 views

CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

CVSS 8.8, AI score 8.2, EPSS 0.02383
Exploits 0
CVE
added 2022/07/19 8:15 p.m., 162 views

CVE-2022-31144

Summary: CVE-2022-31144 is a Redis heap overflow issue triggered by a crafted XAUTOCLAIM on a stream key in certain states. Affects Redis 7.x before 7.0.4. The fix is included in Redis 7.0.4. Several connected sources (Astra Linux, Alpine Linux, Debian, Gentoo GLSA, etc.) reference the same vulne...

CVSS 8.8, AI score 8, EPSS 0.02383
Exploits 0, References 4, Affected Software 1
OSV
added 2022/07/19 8:15 p.m., 34 views

CVE-2022-31144 Potential heap overflow in Redis

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...

CVSS 7, AI score 6, EPSS 0.02383
Exploits 0, References 6
Fedora
added 2022/07/17 1:15 a.m., 25 views

[SECURITY] Fedora 35 Update: golang-github-hashicorp-memdb-1.3.0-5.fc35

The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...

CVSS 9.3, AI score 7.9, EPSS 0.05994
Exploits 4