
76 matches found

Positive Technologies
added 2025/04/22 12:0 a.m. · 2 views

PT-2025-17489 · Apache · Apache Kvrocks

Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions through 2.11.1
Description: The issue is related to improper input validation in the SETRANGE command, which fails to check if the offset input is a positive integer. This can cause the server to crash due to an...

CVSS 7.5 · AI score 6.3 · EPSS 0.00517
Exploits: 0 · References: 13

RedHat Linux
added 2025/01/22 10:42 a.m. · 1 view

redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic

A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue specially crafted SETRANGE and SORT(_RO) commands to trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and abort with an out-of-memo...

CVSS 5.5 · AI score 7.2 · EPSS 0.35552
Exploits: 0 · References: 5

OSV
added 2024/03/06 11:5 a.m. · 26 views

BIT-REDIS-2022-35977 Integer overflow in certain command arguments can drive Redis to OOM panic

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 5.7 · EPSS 0.35552
Exploits: 0 · References: 7

SUSE CVE
added 2023/10/31 2:34 a.m. · 1 view

SUSE CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past...

CVSS 7.2 · AI score 9.4 · EPSS 0.33071
Exploits: 0 · References: 2

SUSE CVE
added 2023/02/15 4:13 a.m. · 2 views

SUSE CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...

CVSS 7.2 · AI score 9.4 · EPSS 0.22307
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 3:24 a.m. · 3 views

SUSE CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 6.5 · AI score 6.2 · EPSS 0.35552
Exploits: 0 · References: 6

BDU FSTEC
added 2023/02/14 12:0 a.m. · 1 view

The vulnerability of the Redis database management system, related to integer overflow when processing objects, allows an attacker to cause a service failure.

The vulnerability of the Redis database management system is related to integer overflow when processing objects. Exploiting this vulnerability can allow attackers to trigger a service failure using the SETRANGE and SORT/SORT-RO commands...

CVSS 5.5 · AI score 6.1 · EPSS 0.35552
Exploits: 0 · References: 12 · Affected Software: 9

Redos
added 2023/02/10 12:0 a.m. · 75 views

ROS-20230210-04

A vulnerability in the Redis database management system (DBMS) is related to the setrange and sort ro commands. Exploitation of the vulnerability could allow an attacker acting remotely to cause an integer overflow, resulting in the allocation of unacceptable amounts of memory...

CVSS 5.5 · AI score 6 · EPSS 0.35552
Exploits: 0

Veracode
added 2023/01/22 8:13 a.m. · 31 views

Denial Of Service (DoS)

redis is vulnerable to Denial of Service (DoS) attacks. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with the library attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic...

CVSS 5.5 · AI score 5.9 · EPSS 0.35552
Exploits: 0 · References: 10 · Affected Software: 1

OSV
added 2023/01/20 7:15 p.m. · 2 views

AZL-13125 CVE-2022-35977 affecting package redis for versions less than 6.2.9-1

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 6.2 · EPSS 0.35552
Exploits: 0 · References: 1

OSV
added 2023/01/20 7:15 p.m. · 1 view

ALPINE-CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 7 · EPSS 0.35552
Exploits: 0 · References: 1

OSV
added 2023/01/20 7:15 p.m. · 1 view

DEBIAN-CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 5.9 · EPSS 0.35552
Exploits: 0 · References: 1

NVD
added 2023/01/20 7:15 p.m. · 21 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 6.7 · EPSS 0.35552
Exploits: 0 · References: 6

OSV
added 2023/01/20 7:15 p.m. · 1 view

UBUNTU-CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 6.3 · EPSS 0.35552
Exploits: 0 · References: 4

UbuntuCve
added 2023/01/20 7:15 p.m. · 29 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 6.4 · EPSS 0.35552
Exploits: 0 · References: 3

AlpineLinux
added 2023/01/20 6:19 p.m. · 26 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 5.8 · EPSS 0.35552
Exploits: 0

Cvelist
added 2023/01/20 6:19 p.m. · 20 views

CVE-2022-35977 Integer overflow in certain command arguments can drive Redis to OOM panic

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 6 · EPSS 0.35552
Exploits: 0 · References: 5

Debian CVE
added 2023/01/20 6:19 p.m. · 33 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixe...

CVSS 5.5 · AI score 5.1 · EPSS 0.35552
Exploits: 0

Positive Technologies
added 2023/01/20 12:0 a.m. · 4 views

PT-2023-1362

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.0.8; Redis versions prior to 6.2.9; Redis versions prior to 6.0.17
Description: The issue is related to an integer overflow when processing objects, which can be triggered by authenticated users issuing specially craft...

CVSS 9.8 · AI score 7.5 · EPSS 0.88997
Exploits: 13 · References: 166

CNNVD
added 2023/01/20 12:0 a.m. · 1 view

Redis Input Validation Error Vulnerability

Redis is an open-source key-value storage database from Redis Labs (United States), written in ANSI C, that supports networking, can run in memory or with log-based persistence, and provides APIs for a variety of languages. An input validation error...

CVSS 5.5 · AI score 7 · EPSS 0.35552
Exploits: 0 · References: 8