27 matches found

Vulnrichment
added 2025/04/22 7:7 a.m. (6 views)

CVE-2025-26413 Apache Kvrocks: The server was crashed by the negative offset

Improper Input Validation vulnerability in Apache Kvrocks. The SETRANGE command didn't check whether the offset input is a positive integer before using it as an index into a string, so the server crashes because the index is out of range. This issue affects Apache Kvrocks: through 2.11.1. User...

7.7 AI score · 0.00369 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/22 12:0 a.m. (2 views)

Apache Kvrocks security vulnerability

Apache Kvrocks is a distributed key-value NoSQL database from the Apache Foundation USA. A security vulnerability exists in Apache Kvrocks version 2.11.1 and earlier, which stems from the SETRANGE command not validating the offset parameter as a positive integer, which could lead to a server cras...

7.5 CVSS · 6.6 AI score · 0.00369 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/04/22 12:0 a.m. (2 views)

PT-2025-17489 · Apache · Apache Kvrocks

Name of the Vulnerable Software and Affected Versions: Apache Kvrocks versions through 2.11.1 Description: The issue is related to improper input validation in the SETRANGE command, which fails to check if the offset input is a positive integer. This can cause the server to crash due to an...

7.5 CVSS · 6.3 AI score · 0.00369 EPSS
Exploits 0 · References 13

RedHat Linux
added 2025/01/22 10:42 a.m. (0 views)

redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic

A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue specially crafted SETRANGE and SORT_RO commands to trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and abort with an out-of-memo...

5.5 CVSS · 7.2 AI score · 0.35552 EPSS
Exploits 0 · References 5

OSV
added 2024/03/06 11:5 a.m. (26 views)

BIT-REDIS-2022-35977 Integer overflow in certain command arguments can drive Redis to OOM panic

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...

5.5 CVSS · 5.7 AI score · 0.35552 EPSS
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 3:24 a.m. (3 views)

SUSE CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...

6.5 CVSS · 6.2 AI score · 0.35552 EPSS
Exploits 0 · References 6

OSV
added 2023/01/20 7:15 p.m. (1 view)

AZL-13125 CVE-2022-35977 affecting package redis for versions less than 6.2.9-1

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...

5.5 CVSS · 6.2 AI score · 0.35552 EPSS
Exploits 0 · References 1

OSV
added 2023/01/20 7:15 p.m. (1 view)

UBUNTU-CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The problem is fixe...

5.5 CVSS · 6.3 AI score · 0.35552 EPSS
Exploits 0 · References 4

RedhatCVE
added 2020/04/07 11:11 p.m. (18 views)

CVE-2019-10193

A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By corrupting a HyperLogLog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer...

7.2 CVSS · 3.1 AI score · 0.33071 EPSS
Exploits 0 · References 6

RedhatCVE
added 2019/12/14 4:52 a.m. (14 views)

CVE-2019-10192

A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...

7.2 CVSS · 2.2 AI score · 0.22307 EPSS
Exploits 0 · References 6

RedHat Linux
added 2019/08/15 4:2 p.m. (3 views)

redis: Heap buffer overflow in HyperLogLog triggered by malicious client

A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...

7.2 CVSS · 5.9 AI score · 0.22307 EPSS
Exploits 0 · References 7

RedHat Linux
added 2019/08/07 10:53 a.m. (3 views)

redis: Stack buffer overflow in HyperLogLog triggered by malicious client

A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By corrupting a HyperLogLog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer...

7.2 CVSS · 5.9 AI score · 0.33071 EPSS
Exploits 0 · References 7

RedHat Linux
added 2019/08/07 10:53 a.m. (0 views)

redis: Heap buffer overflow in HyperLogLog triggered by malicious client

A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...

7.2 CVSS · 5.9 AI score · 0.22307 EPSS
Exploits 0 · References 7

Veracode
added 2019/07/29 12:8 a.m. (23 views)

Arbitrary Code Execution

redis is vulnerable to arbitrary code execution. A heap-based buffer overflow with corrupted hyperloglog data structure allows an attacker to execute arbitrary code by carefully corrupting a hyperloglog structure using the SETRANGE command to trick the interpretation of dense HLL encoding to writ...

7.2 CVSS · 3.8 AI score · 0.22307 EPSS
Exploits 0 · References 18 · Affected Software 2

RedHat Linux
added 2019/07/25 4:10 p.m. (0 views)

redis: Heap buffer overflow in HyperLogLog triggered by malicious client

A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. By carefully corrupting a HyperLogLog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer...

7.2 CVSS · 5.9 AI score · 0.22307 EPSS
Exploits 0 · References 7

NVD
added 2019/07/11 7:15 p.m. (12 views)

CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...

7.2 CVSS · 7 AI score · 0.22307 EPSS
Exploits 0 · References 17

OSV
added 2019/07/11 7:15 p.m. (23 views)

CVE-2019-10193

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past...

7.2 CVSS · 6.9 AI score · 0.33071 EPSS
Exploits 0 · References 12

OSV
added 2019/07/11 7:15 p.m. (1 view)

DEBIAN-CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...

7.2 CVSS · 7 AI score · 0.22307 EPSS
Exploits 0 · References 1

OSV
added 2019/07/11 7:15 p.m. (1 view)

ALPINE-CVE-2019-10192

A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write ...

7.2 CVSS · 7 AI score · 0.22307 EPSS
Exploits 0 · References 1

Prion
added 2019/07/11 7:15 p.m. (24 views)

Stack overflow

A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past...

6.5 CVSS · 6.7 AI score · 0.33071 EPSS
Exploits 0 · References 12 · Affected Software 9