Important: Red Hat Security Advisory: redis:5 security update

An update for the redis:5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2021:3918 Important: redis:5 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

RLSA-2021:3918 Important: redis:5 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

Important: redis:5 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

redis:5 security update

An update is available for redis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...

Oracle Linux 8 : redis:5 (ELSA-2021-3918)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3918 advisory. - fix denial of service via Redis Standard Protocol RESP request CVE-2021-32675 - fix lua scripts can overflow the heap-based Lua stack CVE-2021-32626 ...

OESA-2021-1394 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed...

Lua scripts can overflow the heap-based Lua stack in Redis

...

PT-2022-1950

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.47-alt1 through 2.4.57-alt2 Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+ Description The Apache HTTP Server is affected by HTTP request splitting with mod rewrite and mod proxy CVE-2023-25690...

Vulnerability in Lua Debugger in Redis

...

Redis Stack Overflow Vulnerability (GHSA-p486-xggp-782c)

Redis is prone to a heap-based stack overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if...

Redis Lua Debugger Vulnerability (GHSA-9mj9-xx53-qmxm)

Redis is prone to a vulnerability in the Lua Debugger. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if descripti...

FreeBSD : redis -- multiple vulnerabilities (9b4806c1-257f-11ec-9db5-0800270512f4)

The Redis Team reports : CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on...

CVE-2021-32672

A flaw was found in redis. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer, potentially leading to an information disclosure...

CVE-2021-32626

A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...

Remote Code Execution (RCE)

Redis is vulnerable to remote code execution. The vulnerability exists due to heap-based Lua stack to be overflowed. An attacker is able to crash the system by sending a maliciously crafted script to the system...

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

AZL-6844 CVE-2021-32626 affecting package redis for versions less than 6.2.6-1

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...