24 matches found
UBUNTU-CVE-2021-32675
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). ...
PT-2021-4338 · Redis +9 · Redis +9
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 5.0.14; Redis versions prior to 6.0.16; Redis versions prior to 6.2.6. Description: The issue is related to errors in processing Redis Standard Protocol (RESP) requests, which can cause the server to allocate a significant...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Artifex Gsview
PoC exploit for Redis RCE CVE-2017-14947 targeting Redis 4.x/5.x. The vulnerability class/vector is RCE (Remote Code Execution). The probable entry point is the redis-rce.py script. Notable dependencies/tooling include six and argparse. The execution context is a Python script invoked from the...
CVE-2016-10517
CVE-2016-10517 describes a Cross Protocol Scripting vulnerability in Redis prior to 3.2.7. The issue arises in networking.c where Redis does not validate HTTP-like elements (POST and Host:) in data that can arrive on the Redis TCP port, allowing an HTTP-style request to be misinterpreted as a Red...