Lucene search
K

32 matches found

Cvelist
Cvelist
added 2023/04/18 8:50 p.m.21 views

CVE-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised ...

5.5CVSS6.9AI score0.00963EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.39 views

CBL Mariner 2.0 Security Update: redis (CVE-2023-22458)

The version of redis installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-22458 advisory. - Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMB...

5.5CVSS6.9AI score0.69355EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.35 views

Fedora 37 : redis (2023-c685251667)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c685251667 advisory. Redis 7.0.9 - Released Tue Feb 28 12:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: CVE-2023-25155...

6.5CVSS7.1AI score0.59706EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/03/02 3:1 a.m.51 views

CVE-2023-25155

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

6.5CVSS5.7AI score0.00902EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/03/01 4:15 p.m.53 views

CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands like SCAN or KEYS with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

5.5CVSS6.3AI score0.59706EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/01/20 6:19 p.m.27 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...

5.5CVSS5.8AI score0.33269EPSS
Exploits0
OSV
OSV
added 2023/01/20 6:19 p.m.33 views

CVE-2023-22458 Integer overflow in multiple Redis commands can lead to denial-of-service

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not...

5.5CVSS5.4AI score0.69355EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/11/19 12:0 a.m.36 views

AlmaLinux 9 : redis (ALSA-2022:8096)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8096 advisory. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis...

7.8CVSS6.9AI score0.02189EPSS
Exploits2References3
Debian CVE
Debian CVE
added 2022/09/23 12:0 a.m.48 views

CVE-2022-35951

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...

9.8CVSS9.8AI score0.02904EPSS
Exploits0
OSV
OSV
added 2021/10/04 6:15 p.m.46 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

8.8CVSS2.9AI score
Exploits0References10
Prion
Prion
added 2021/10/04 6:15 p.m.47 views

Design/Logic Flaw

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

6.5CVSS8.7AI score0.15126EPSS
Exploits0References10Affected Software4
Debian CVE
Debian CVE
added 2021/10/04 6:0 p.m.49 views

CVE-2021-32762

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

9CVSS8.8AI score0.02497EPSS
Exploits0
Rows per page
Query Builder