
3306 matches found

AlpineLinux
added 2021/10/04 5:40 p.m. · 47 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support 3.2 or newer...

CVSS 5.3 · AI score 6.3 · EPSS 0.00284
Exploits 0
Cvelist
added 2021/10/04 5:30 p.m. · 18 views

CVE-2021-32626 Lua scripts can overflow the heap-based Lua stack in Redis

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

CVSS 7.5 · AI score 9 · EPSS 0.0246
Exploits 0 · References 10
AlpineLinux
added 2021/10/04 5:30 p.m. · 48 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

CVSS 8.8 · AI score 8.6 · EPSS 0.0246
Exploits 0
CVE
added 2021/10/04 5:30 p.m. · 428 views

CVE-2021-32626

CVE-2021-32626 affects Redis with Lua scripting. Specifically crafted Lua scripts can overflow the heap-based Lua stack due to insufficient checks, leading to heap corruption and potential remote code execution. Affected: Redis versions supporting Lua scripting (from 2.6 onward). Remediation: upg...

CVSS 8.8 · AI score 8.4 · EPSS 0.0246
Exploits 0 · References 10 · Affected Software 1
Debian CVE
added 2021/10/04 5:30 p.m. · 40 views

CVE-2021-32626

Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote co...

CVSS 8.8 · AI score 8.2 · EPSS 0.0246
Exploits 0
CNNVD
added 2021/10/04 12:00 a.m. · 1 view

Redis Labs Redis Buffer Error Vulnerability

Redis Labs Redis is an open source, network-enabled, memory-based, persistent logging, key-value Key-Value storage database written in ANSI C by Redis Labs, Inc. and provides APIs in multiple languages. A buffer error vulnerability exists in Redis, which allows a user to send an incorrect request...

CVSS 5.3 · AI score 6.7 · EPSS 0.00284
Exploits 0 · References 27
CNNVD
added 2021/10/04 12:00 a.m. · 2 views

Redis Labs Redis Buffer Error Vulnerability

Redis Labs Redis is an open source, network-enabled, memory-based, persistent logging, key-value Key-Value storage database written in ANSI C from Redis Labs, Inc. and provides APIs in multiple languages. A buffer error vulnerability exists in Redis, where execution of specially crafted Lua scrip...

CVSS 8.8 · AI score 7.4 · EPSS 0.0246
Exploits 0 · References 36
FreeBSD
added 2021/10/04 12:00 a.m. · 45 views

redis -- multiple vulnerabilities

The Redis Team reports: CVE-2021-41099 Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured. CVE-2021-32762 Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on so...

CVSS 9 · AI score 1.7 · EPSS 0.05836
Exploits 0 · References 1
Positive Technologies
added 2021/10/04 12:00 a.m. · 2 views

PT-2021-4401 · Redis +9

Name of the Vulnerable Software and Affected Versions: Redis versions 2.6 through 6.2.5 Redis versions 6.0.0 through 6.0.15 Redis versions 5.0.0 through 5.0.13 Description: The issue is related to the Lua scripting support in Redis, where specially crafted Lua scripts can cause a heap-based Lua...

CVSS 9 · AI score 7.2 · EPSS 0.06469
Exploits 3 · References 148
Positive Technologies
added 2021/10/04 12:00 a.m. · 2 views

PT-2021-7752 · Redis +5

Name of the Vulnerable Software and Affected Versions: Redis versions 3.2 through 6.2.5 Redis versions 3.2 through 6.0.15 Redis versions 3.2 through 5.0.13 can be simplified to: Redis versions 3.2 through 6.2.5 Description: The issue affects Redis, an open source, in-memory database that persists...

CVSS 9 · AI score 6.5 · EPSS 0.06469
Exploits 3 · References 111
OpenVAS
added 2021/09/05 12:00 a.m. · 29 views

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:1225-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 · AI score 6.9 · EPSS 0.19614
Exploits 2 · References 2
OPENSUSE Linux
added 2021/09/04 12:00 a.m. · 68 views

Security update for dovecot23 (moderate)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:1225-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...

CVSS 6.7 · AI score 7.6 · EPSS 0.05768
Exploits 0 · References 4
OpenVAS
added 2021/09/01 12:00 a.m. · 28 views

SUSE: Security Advisory (SUSE-SU-2021:2890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.6 · EPSS 0.05768
Exploits 0 · References 16
OPENSUSE Linux
added 2021/08/31 12:00 a.m. · 76 views

Security update for dovecot23 (moderate)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:2892-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...

CVSS 6.7 · AI score 7.6 · EPSS 0.05768
Exploits 0 · References 4
GitHub Security Blog
added 2021/08/30 4:16 p.m. · 36 views

Istio Fragments in Path May Lead to Authorization Policy Bypass

Impact Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request with fragment in the path may bypass Istio’s URI path based authorization policies. Patches Istio 1.11.1 and above Istio 1.10.4 and above Istio 1.9.8 and above Workarounds...

CVSS 8.1 · AI score 7.5 · EPSS 0.00236
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/08/30 4:15 p.m. · 21 views

GHSA-7774-7VR3-CC8J Authorization Policy Bypass Due to Case Insensitive Host Comparison

Impact According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The Envoy proxy will route the request hostname in a case-insensitive way which means the authorization policy...

CVSS 8.3 · AI score 7.6 · EPSS 0.00171
Exploits 0 · References 7
GitHub Security Blog
added 2021/08/30 4:15 p.m. · 30 views

Authorization Policy Bypass Due to Case Insensitive Host Comparison

Impact According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case insensitive way, but currently the comparison is case sensitive. The Envoy proxy will route the request hostname in a case-insensitive way which means the authorization policy...

CVSS 8.3 · AI score 7.4 · EPSS 0.00171
Exploits 0 · References 7 · Affected Software 1
GitLab Advisory Database
added 2021/08/30 12:00 a.m. · 21 views

Incorrect Authorization

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...

CVSS 8.1 · AI score 1 · EPSS 0.00236
Exploits 0 · References 4 · Affected Software 1
GitLab Advisory Database
added 2021/08/30 12:00 a.m. · 27 views

Improper Handling of Case Sensitivity

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to RFC 4343, Istio authorization policy should compare the hostname in the HTTP Host header in a case...

CVSS 8.3 · AI score 0.5 · EPSS 0.00171
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/08/28 12:00 a.m. · 9 views

OSV-2021-1173 UNKNOWN READ in luaG_getfuncline

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37678 Crash type: UNKNOWN READ Crash state: luaG_getfuncline luaG_runerror luaD_growstack...

AI score 7.2
Exploits 0 · References 1