136 matches found
CVE-2023-28425 Specially crafted MSETNX command can lead to denial-of-service
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...
Integer overflow
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
CVE-2023-25155
Redis is affected by CVE-2023-25155 via authenticated SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD usage, which can trigger an integer overflow and cause Redis to terminate due to an assertion. Patches are available in Redis 6.0.18, 6.2.11, and 7.0.9. Upgrading to these versions (or newer) is the adv...
CVE-2023-25155
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...
Design/Logic Flaw
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...
CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...
CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...
CVE-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...
CVE-2023-22458
CVE-2023-22458 affects Redis: authenticated users can issue HRANDFIELD or ZRANDMEMBER with specially crafted arguments to trigger a denial-of-service via assertion failure. Affected versions are Redis 6.2.x (6.2 up to but not including 6.2.9) and 7.0.x (7.0 up to but not including 7.0.8). Remedia...
CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...
AlmaLinux 9 : redis (ALSA-2022:8096)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis...
AlmaLinux 8 : redis:6 (ALSA-2022:7541)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7541 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has extracted...
CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
CVE-2022-35951
Redis 7.0.0–7.0.4 are vulnerable to an integer overflow in the XAUTOCLAIM handling on a stream key with a crafted COUNT, which can cause a heap overflow and potentially remote code execution. The issue is fixed in Redis 7.0.5; upgrades to 7.0.5 or later are recommended. Affected versions and the ...
[SECURITY] Fedora 36 Update: golang-github-hashicorp-memdb-1.3.0-6.fc36
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...
CVE-2022-31144
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
CVE-2022-31144
Summary: CVE-2022-31144 is a Redis heap overflow issue triggered by a crafted XAUTOCLAIM on a stream key in certain states. Affects Redis 7.x before 7.0.4. The fix is included in Redis 7.0.4. Several connected sources (Astra Linux, Alpine Linux, Debian, Gentoo GLSA, etc.) reference the same vulne...
CVE-2022-31144 Potential heap overflow in Redis
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
[SECURITY] Fedora 35 Update: golang-github-hashicorp-memdb-1.3.0-5.fc35
The Memdb package implements a simple in-memory database built on immutable radix trees. The database provides Atomicity, Consistency and Isolation from ACID. Being that it is in-memory, it does not provide durability. The database is instantiated with a schema that specifies the tables and indic...