Lucene search

Redis

9 matches found

CVE
added 2024/10/07 8:15 p.m., 394 views

CVE-2024-31228

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremely ...

CVSS 5.5, AI score 6.1, EPSS 0.00015

CVE
added 2021/10/04 6:15 p.m., 258 views

CVE-2021-32672

Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer)...

CVSS 5.3, AI score 6, EPSS 0.00391

CVE
added 2023/01/20 7:15 p.m., 251 views

CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is f...

CVSS 5.5, AI score 5.7, EPSS 0.46126

CVE
added 2023/01/20 7:15 p.m., 244 views

CVE-2023-22458

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not includi...

CVSS 5.5, AI score 5.7, EPSS 0.667

CVE
added 2023/03/01 4:15 p.m., 189 views

CVE-2022-36021

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18...

CVSS 5.5, AI score 6, EPSS 0.737

CVE
added 2022/04/27 8:15 p.m., 181 views

CVE-2022-24736

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2....

CVSS 5.5, AI score 5.4, EPSS 0.00344

CVE
added 2021/03/31 2:15 p.m., 137 views

CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use je...

CVSS 5.3, AI score 5.5, EPSS 0.00466

CVE
added 2023/03/20 8:15 p.m., 118 views

CVE-2023-28425

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

CVSS 5.5, AI score 5.6, EPSS 0.27369

CVE
added 2023/07/15 11:15 p.m., 83 views

CVE-2021-31294

Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.

CVSS 5.9, AI score 5.8, EPSS 0.00093