
38 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 1 view

Astra Linux - vulnerability in redis

Redis is an open-source, in-memory database that persists data on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to values specified by the user, which determine the number of elements in the multi-bulk header and the size of each element in...

CVSS 7.5 | AI score 6.6 | EPSS 0.05836
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m., 7 views

Unity Linux 20.1060e / 20.1070e Security Update: redis (UTSA-2026-017593)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017593 advisory. Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debuggers...

CVSS 5.3 | AI score 6.7 | EPSS 0.00284
Exploits: 0 | References: 4

OSV
added 2026/05/07 8:53 a.m., 2 views

BIT-REDIS-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution

Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger...

CVSS 8.8 | AI score 6.1 | EPSS 0.00119
Exploits: 2 | References: 3

OSV
added 2026/05/05 5:17 p.m., 0 views

UBUNTU-CVE-2026-23631

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

CVSS 8.1 | AI score 6.1 | EPSS 0.00092
Exploits: 0 | References: 2

CNNVD
added 2026/05/05 12:0 a.m., 4 views

Redis resource management error vulnerability

Redis is an open-source database developed by Redis Inc. in the United States. It is written in ANSI C, supports networking, and can be implemented as either in-memory or persistent storage systems. It also provides APIs in multiple languages. Versions of Redis from 7.2.0 to 8.6.3 have a resource...

CVSS 8.8 | AI score 6.1 | EPSS 0.00119
Exploits: 2 | References: 1

Tenable Nessus
added 2026/01/22 12:0 a.m., 0 views

Azure Linux 3.0 Security Update: keda (CVE-2025-29923)

The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29923 advisory. - go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7....

CVSS 3.7 | AI score 6 | EPSS 0.00158
Exploits: 0 | References: 2

Gitee
added 2025/10/10 10:34 p.m., 392 views

Exploit for Use After Free in Redis

This is a PoC exploit for CVE-2025-49844, a high-risk vulnerability in Redis database. The exploit is a GUI-based tool called "CVE-2025-49844RediShell漏洞检查软件v2.0" that helps enterprises efficiently detect and fix vulnerabilities. The tool is an iteration of the original...

CVSS 9.9 | AI score 8.4 | EPSS 0.11111
Exploits: 13

Tenable Nessus
added 2025/10/08 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-49844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...

CVSS 9.9 | AI score 7.5 | EPSS 0.11111
Exploits: 13 | References: 2

Tenable Nessus
added 2025/08/08 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-31228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string...

CVSS 6.5 | AI score 6.9 | EPSS 0.01368
Exploits: 0 | References: 2

Oracle Linux
added 2025/07/30 12:0 a.m., 6 views

redis:7 security update

7.2.10-1.0.1 - Build with 64k pages to support redis on UEK on aarch64 7.2.10-1 - rebase to 7.2.10 for CVE-2025-27151 CVE-2025-32023 and CVE-2025-48367 7.2.8-1 - rebase to 7.2.8 for CVE-2025-21605 7.2.7-1 - rebase to 7.2.7 for CVE-2024-46981 and CVE-2024-51741 7.2.6-1 - rebase to 7.2.6 RHEL-26628...

CVSS 7.5 | AI score 7.3 | EPSS 0.80733
Exploits: 6

OSV
added 2025/01/06 10:15 p.m., 0 views

UBUNTU-CVE-2024-51741

Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2...

CVSS 4.4 | AI score 6.1 | EPSS 0.00756
Exploits: 0 | References: 8

OSV
added 2024/10/07 8:15 p.m., 1 view

DEBIAN-CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVSS 6.5 | AI score 6.1 | EPSS 0.01368
Exploits: 0 | References: 1

OSV
added 2024/10/07 8:15 p.m., 1 view

ALPINE-CVE-2024-31449

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scriptin...

CVSS 8.8 | AI score 8.2 | EPSS 0.55755
Exploits: 1 | References: 1

Positive Technologies
added 2024/10/02 12:0 a.m., 3 views

PT-2024-6632

Name of the Vulnerable Software and Affected Versions Redis versions prior to 6.2.16, prior to 7.2.6, and prior to 7.4.1. Redis versions 6.2.16-alt1, 6.2.17-alt1, 7.2.10-alt1, 7.2.11-alt1. Description Redis is an in-memory database. An authenticated user can use a specially crafted Lua script to...

CVSS 9.9 | AI score 7.5 | EPSS 0.88997
Exploits: 21 | References: 265

OSV
added 2024/08/22 7:28 p.m., 14 views

BIT-KEYDB-2021-32762 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

CVSS 9 | AI score 8.6 | EPSS 0.00869
Exploits: 0 | References: 10

OSV
added 2024/03/06 11:7 a.m., 32 views

BIT-REDIS-2021-32762 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis librar...

CVSS 9 | AI score 8.6 | EPSS 0.00869
Exploits: 0 | References: 10

Positive Technologies
added 2024/01/09 12:0 a.m., 2 views

PT-2024-1088

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.0.15 Redis versions prior to 7.2.4 Description: The issue is related to integer overflow due to incorrect handling of memory buffer resizing, which can lead to heap overflow and potential remote code execution. The...

CVSS 9.8 | AI score 8.5 | EPSS 0.88997
Exploits: 10 | References: 104

OSV
added 2023/10/18 9:15 p.m., 2 views

ALPINE-CVE-2023-45145

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process...

CVSS 3.6 | AI score 6.7 | EPSS 0.00582
Exploits: 0 | References: 1

NCSC
added 2023/03/13 12:0 a.m., 1 view

Vulnerabilities fixed in Redis

Redis has fixed two vulnerabilities. A malicious party can exploit the vulnerabilities to cause a denial-of-service. Because Redis is widely used as a message broker to support information exchange processes, the consequence of a Denial-of-Service on the Redis service cannot be...

CVSS 6.5 | AI score 7 | EPSS 0.60647
Exploits: 0

Prion
added 2023/03/02 4:15 a.m., 27 views

Integer overflow

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

CVSS 4 | AI score 6.5 | EPSS 0.0504
Exploits: 0 | References: 5 | Affected Software: 1