SUSE-SU-2024:3535-1 Security update for redis
This update for redis fixes the following issues: - CVE-2024-31227: Fixed parsing issue leading to denial of service bsc1231266 - CVE-2024-31228: Fixed unbounded recursive pattern matching bsc1231265 - CVE-2024-31449: Fixed integer overflow bug in Lua bittohex bsc1231264...
Redis 2.6 < 6.2.16, 7.0.0 < 7.2.6, 7.4.0 RCE vulnerability
Redis is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if...
Redis security vulnerability
Redis is an open source, network-enabled, memory-based key-value storage database with persistent logging, written in ANSI C, from Redis, Inc. that provides APIs in multiple languages. A security vulnerability exists in Redis. The vulnerability can be exploited by an attacker to remotely execute code...
The vulnerability of the Redis database management system, related to buffer overflows in the stack, allows attackers to execute arbitrary code.
The vulnerability of the Redis database management system is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting a specially crafted Lua script remotely...
SUSE CVE-2024-31449
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scriptin...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2024-717)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-717 advisory. Denial-of-service due to unbounded pattern matching (CVE-2024-31228). Lua library commands may be exploited by an authenticated user to achieve remote-code-execution (CVE-2024-31449). Tenable has...
Important: redis
Issue Overview: Denial-of-service due to unbounded pattern matching (CVE-2024-31228). Lua library commands may be exploited by an authenticated user to achieve remote-code-execution (CVE-2024-31449). Affected Packages: redis. Note: This advisory is applicable to Amazon Linux 2 - Redis6 Extra. Visit this...
Important: redis6
Issue Overview: Denial-of-service due to unbounded pattern matching (CVE-2024-31228). Lua library commands may be exploited by an authenticated user to achieve remote-code-execution (CVE-2024-31449). Affected Packages: redis6. Issue Correction: Run dnf update redis6 --releasever 2023.5.20241001 or dnf...
PT-2024-6632
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 6.2.16, prior to 7.2.6, and prior to 7.4.1. Redis versions 6.2.16-alt1, 6.2.17-alt1, 7.2.10-alt1, 7.2.11-alt1. Description: Redis is an in-memory database. An authenticated user can use a specially crafted Lua script to...
OESA-2024-2169 lua security update
Lua is a powerful, efficient, lightweight, embeddable scripting language. It supports procedural programming, object-oriented programming, functional programming, data-driven programming, and data description. Security Fixes: ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault...
CVE-2024-42503 Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI)
An authenticated command execution vulnerability exists in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerability results in the ability to run arbitrary commands as a privileged user on the underlying operating system...
CVE-2024-45413
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext; the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...
RHSA-2023:2582 Red Hat Security Advisory: lua security update
Bulletin has no description...
RHSA-2023:1211 Red Hat Security Advisory: lua security update
Bulletin has no description...
RHSA-2023:0957 Red Hat Security Advisory: lua security update
Bulletin has no description...
RHSA-2022:7329 Red Hat Security Advisory: lua security update
Bulletin has no description...
RHSA-2021:4510 Red Hat Security Advisory: lua security update
Bulletin has no description...
RHSA-2019:3706 Red Hat Security Advisory: lua security and bug fix update
Bulletin has no description...
CVE-2024-45413
The CVE-2024-45413 issue affects the HTTPD binary in multiple ZTE routers. A stack-based buffer overflow in rsa_decrypt, an API wrapper for LUA used to decrypt RSA ciphertext, stores decrypted data on the stack without length checks. This allows an authenticated attacker to achieve remote code ex...
CVE-2024-45413
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext; the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...