5 matches found
AZL-52011 CVE-2024-31228 affecting package valkey for versions less than 8.0.1-1
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...
Integer Overflow in several Redis commands can lead to denial of service.
...
CVE-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...
Integer overflow in multiple Redis commands can lead to denial-of-service
...
Server-Side Request Forgery (SSRF) in appwrite/appwrite
Description An authenticated SSRF vulnerability exists in appwrite's webhooks / tasks feature. The gopher:// protocol can be used to cause code execution on the Redis server that comes along with appwrite. The attacker must know the IP address of the redis-server which can be done by creating...