3306 matches found
redis:6 security update
6.0.9-5 - fix denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675); 6.0.9-4 - fix Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) - fix integer overflow issue with Streams (CVE-2021-32627) - fix integer overflow bug in the ziplist data structure (CVE-2021-32628) -...
A vulnerability in the Lua interpreter of the Redis database management system allows attackers to execute arbitrary code.
The vulnerability in the Lua interpreter of the Redis database management system is related to a possible buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Oracle Linux 8 : redis:6 (ELSA-2021-3945)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3945 advisory. - fix denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) - fix Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) ...
RHEL 8 : redis:5 (RHSA-2021:3918)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3918 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...
Important: Red Hat Security Advisory: redis:5 security update
An update for the redis:5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
redis: Lua scripts can overflow the heap-based Lua stack
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...
ALSA-2021:3918 Important: redis:5 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
redis:5 security update
An update is available for redis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Redis is an advanced key-value store. It is often referred to as a data-structu...
RLSA-2021:3918 Important: redis:5 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Important: redis:5 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Oracle Linux 8 : redis:5 (ELSA-2021-3918)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3918 advisory. - fix denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675) - fix Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626) ...
OESA-2021-1394 redis security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed...
Lua scripts can overflow the heap-based Lua stack in Redis
...
PT-2022-1950
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.47-alt1 through 2.4.57-alt2; Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+. Description: The Apache HTTP Server is affected by HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)...
Vulnerability in Lua Debugger in Redis
...
FreeBSD : redis -- multiple vulnerabilities (9b4806c1-257f-11ec-9db5-0800270512f4)
The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on...
Redis Stack Overflow Vulnerability (GHSA-p486-xggp-782c)
Redis is prone to a heap-based stack overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if...
Redis Lua Debugger Vulnerability (GHSA-9mj9-xx53-qmxm)
Redis is prone to a vulnerability in the Lua Debugger. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redis:redis"; if descripti...
CVE-2021-32672
A flaw was found in redis. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer, potentially leading to an information disclosure...
CVE-2021-32626
A heap buffer overflow was found in redis. Specially crafted Lua scripts executing in Redis cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This flaw allows a remote attacker to corrupt the heap and potentially trigger remote code execution. The highest...