Important: Red Hat Security Advisory: redis security update

An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Security update for redis

This update for redis fixes the following issue CVE-2026-25243: invalid memory access in RESTORE command via a specially crafted serialized payload may lead to remote code execution bsc1264166. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

Azure Linux 3.0 Security Update: valkey (CVE-2025-21605)

The version of valkey installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21605 advisory. - Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to...

EUVD-2023-51263

Malicious code in bioql PyPI...

CVE-2025-46686

CVE-2025-46686 concerns Redis up to version 8.0.3, where memory can be consumed by a crafted multi-bulk command sequence sent by an authenticated user. The issue arises because the server allocates memory for the command arguments of every bulk, even if the command is later skipped due to insuffi...

CVE-2023-47120

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

Important: redis6

Issue Overview: Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default, the Redis configuration does not...

BIT-DISCOURSE-2023-47120 Discourse DoS through Onebox favicon URL

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

Design/Logic Flaw

Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the stable branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the beta and tests-passed branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting...

PT-2023-30324 · Discourse +1 · Discourse +1

Name of the Vulnerable Software and Affected Versions: Discourse versions 3.1.0 through 3.1.2 Discourse versions 3.1.0,beta6 through 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. In the affected versions, Redis memory can be depleted by crafting a site wi...

Discourse Security Breach

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse versions 3.1.0 through 3.1.2, which originates from potentially exhausting Redis memory by creating a website with an unusually...

SUSE CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

SUSE CVE-2022-33105

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID...

CVE-2022-33105

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID...

ALPINE-CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...