MiracleLinux 8 : redis:6 (AXSA:2021-2495:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2495:01 advisory. redis: Lua scripts can overflow the heap-based Lua stack CVE-2021-32626 redis: Integer overflow issue with Streams CVE-2021-32627 redis: Integer...

MiracleLinux 8 : redis:5 (AXSA:2021-2497:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2497:01 advisory. redis: Lua scripts can overflow the heap-based Lua stack CVE-2021-32626 redis: Integer overflow issue with Streams CVE-2021-32627 redis: Integer...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 13.0 (redis) security update

An update for redis is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

redis: Integer overflow issue with intsets

An integer overflow issue was found in redis. The vulnerability involves changing the default "set-max-intset-entries" configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. This flaw allows a remote attacker to leak arbitrary contents of the...

redis: Integer overflow issue with intsets

An integer overflow issue was found in redis. The vulnerability involves changing the default "set-max-intset-entries" configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. This flaw allows a remote attacker to leak arbitrary contents of the...

redis: Integer overflow issue with intsets

An integer overflow issue was found in redis. The vulnerability involves changing the default "set-max-intset-entries" configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. This flaw allows a remote attacker to leak arbitrary contents of the...

Important: Red Hat Security Advisory: redis:5 security update

An update for the redis:5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

redis: Integer overflow issue with intsets

An integer overflow issue was found in redis. The vulnerability involves changing the default "set-max-intset-entries" configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. This flaw allows a remote attacker to leak arbitrary contents of the...

Important: Red Hat Security Advisory: rh-redis5-redis security update

An update for rh-redis5-redis is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: redis:6 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

RHEL 8 : redis:5 (RHSA-2021:3918)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3918 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...

ALSA-2021:3918 Important: redis:5 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

RLSA-2021:3918 Important: redis:5 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

Integer overflow issue with intsets in Redis

...

FreeBSD : redis -- multiple vulnerabilities (9b4806c1-257f-11ec-9db5-0800270512f4)

The Redis Team reports : CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on...

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

FreeBSD : redis -- multiple vulnerabilities (1606b03b-ac57-11eb-9bdd-8c164567ca3c)

Redis project reports : Vulnerability in the STRALGO LCS command An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets An...

Redis Labs Redis 输入验证错误漏洞

Redis Labs Redis is an open source, network-enabled, memory-based, persistent logging, key-value Key-Value storage database written in ANSI C, with a multi-language API, from Redis Labs. An input validation error vulnerability exists in Redis due to an integer overflow in the COPY command for lar...

redis -- multiple vulnerabilities

Redis project reports: Vulnerability in the STRALGO LCS command An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. Vulnerability in the COPY command for large intsets An...