Lucene search
K
RedislabsRedis

22 matches found

CVE
CVE
added 2021/02/26 9:50 p.m.514 views

CVE-2021-21309

Redis 32-bit builds (Redis 4.0+) are affected by an integer overflow that can cause heap corruption and, in certain conditions, remote code execution. The issue stems from a low safe limit for bulk input (default 512MB); if a client sends unusually large data and the limit is increased, overflow ...

8.8CVSS7.5AI score0.047EPSS
CVE
CVE
added 2021/05/04 3:15 p.m.417 views

CVE-2021-29477

Redis fixes CVE-2021-29477: an integer overflow in STRALGO LCS on Redis 6.0+ that could allow remote code execution by crafting a command sequence. Patched in Redis 6.2.3 and 6.0.13; subsequent advisories note fixes in 6.2.4 and 6.0.14. Workarounds include ACLs to block STRALGO LCS and, on 64-bit...

8.8CVSS7.9AI score0.04028EPSS
CVE
CVE
added 2021/07/21 8:50 p.m.341 views

CVE-2021-32761

CVE-2021-32761 affects Redis, with out-of-bounds read and integer overflow in 32-bit BIT commands, potentially leading to heap corruption or remote code execution. Affected versions are 2.2 up to just before patches (e.g., 5.0.13, 6.0.15, 6.2.5); patches exist in Redis 5.0.x, 6.0.x, and 6.2.x. Se...

7.5CVSS8AI score0.31049EPSS
CVE
CVE
added 2019/07/11 6:30 p.m.317 views

CVE-2019-10192

CVE-2019-10192 is a heap-buffer overflow in Redis HyperLogLog used by SETRANGE. Affected: Redis HyperLogLog in 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. By corrupting a hyperloglog, an attacker can cause Redis to write up to 3 bytes beyond the end of a heap-allocated buffer. Imp...

7.2CVSS6.8AI score0.26048EPSS
CVE
CVE
added 2019/07/11 6:30 p.m.300 views

CVE-2019-10193

CVE-2019-10193 is a stack-buffer overflow in Redis HyperLogLog exposed by the SETRANGE usage. Affected branches are Redis 3.x before 3.2.13, 4.x before 4.0.14, and 5.x before 5.0.4. Exploitation could cause writes past the end of a stack-allocated buffer, per multiple connected advisories. Public...

7.2CVSS6.8AI score0.23703EPSS
CVE
CVE
added 2021/06/02 7:35 p.m.278 views

CVE-2021-32625

Redis 6.0+ contains an integer overflow in STRALGO LCS that can corrupt the heap and may lead to remote code execution. This is a follow-up to an incomplete fix for CVE-2021-29477. The issue affects 64‑bit systems and can be mitigated by ACLs preventing STRALGO LCS or by configuring proto-max-bul...

8.8CVSS8.1AI score0.04207EPSS
CVE
CVE
added 2020/06/15 4:52 p.m.268 views

CVE-2020-14147

The CVE-2020-14147 issue is a vulnerability in Redis: an integer overflow in the getnum function of lua_struct.c on Redis builds before 6.0.3 can be triggered by processing large numbers in Lua code, leading to memory corruption, a denial of service (application crash), and potentially bypassing ...

7.7CVSS8AI score0.03085EPSS
CVE
CVE
added 2018/06/17 2:0 p.m.250 views

CVE-2018-12326

CVE-2018-12326 is a vulnerability in Redis: buffer overflow in redis-cli that can allow code execution and privilege escalation via a crafted command line. Affected: Redis before 4.0.10 and 5.x before 5.0 RC3. Impact per documents: potential code execution and privilege escalation with high sever...

8.4CVSS8.6AI score0.02678EPSS
CVE
CVE
added 2018/06/17 5:0 p.m.241 views

CVE-2018-11219

CVE-2018-11219 is a Redis Lua subsystem integer overflow vulnerability (bounds checking failure) affecting Redis up to versions prior to 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. The issue originates in lua_struct.c:b_unpack() and can lead to memory corruption or a crash. Public details ...

9.8CVSS7.9AI score0.07056EPSS
CVE
CVE
added 2018/06/17 5:0 p.m.224 views

CVE-2018-11218

CVE-2018-11218 describes a memory corruption vulnerability in the Redis Lua subsystem’s cmsgpack handling, caused by stack-based buffer overflows. Affected Redis versions are before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2. Several connected sources reiter the issue as a Redis component ...

9.8CVSS8.1AI score0.58529EPSS
CVE
CVE
added 2021/05/04 4:0 p.m.221 views

CVE-2021-29478

CVE-2021-29478 is an integer overflow in Redis 6.2 before 6.2.3 (and related COPY intsets) that could allow remote code execution when an attacker uses large intsets. IBM advisories cite affected IBM Robotic Process Automation for Cloud Pak versions (21.0.1–21.0.7.5 and 23.0.0–23.0.6) with remedi...

8.8CVSS7.7AI score0.03628EPSS
CVE
CVE
added 2016/04/13 3:0 p.m.199 views

CVE-2015-8080

CVE-2015-8080 is an in Redis where the getnum function in lua_struct.c can overflow an integer if a Lua script processes a large number. Affects Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6. The described impact is memory corruption and application crash, with potential sandbox circumvention....

7.5CVSS8AI score0.05362EPSS
CVE
CVE
added 2021/03/31 1:44 p.m.187 views

CVE-2021-3470

CVE-2021-3470 is a Redis heap overflow vulnerability affecting versions before 5.0.10, before 6.0.9, and before 6.2.0 when using a heap allocator other than jemalloc or glibc malloc, potentially causing an out-of-bounds write or process crash. The flaw primarily affects setups not using jemalloc/...

5.3CVSS5.5AI score0.01144EPSS
CVE
CVE
added 2019/11/01 6:25 p.m.183 views

CVE-2013-0178

CVE-2013-0178 affects Redis before 2.6, with an insecure temporary file vulnerability related to /tmp/redis-%p.vm. The connected documents confirm the affected software and the insecure temp-file root cause but do not provide exploitation details, impact specifics, or any remediation/patch inform...

5.5CVSS5.4AI score0.00415EPSS
CVE
CVE
added 2015/06/09 2:0 p.m.179 views

CVE-2015-4335

CVE-2015-4335: Redis EVAL Lua sandbox escape . The vulnerability affects Redis up to 2.8.21 and 3.x up to 3.0.2, where remote attackers could abuse the EVAL Lua command to execute arbitrary Lua bytecode, potentially escaping the sandbox and running code with Redis process privileges. Debian’s adv...

10CVSS7AI score0.09636EPSS
In wild
CVE
CVE
added 2019/11/01 6:25 p.m.164 views

CVE-2013-0180

CVE-2013-0180 affects Redis 2.6 and is described as an insecure temporary file vulnerability related to /tmp/redis.ds. The connected sources consistently state this issue but do not provide concrete remediation details or a patch version. CVSS indicates local access with low base severity (3.6/5....

5.5CVSS5.4AI score0.00323EPSS
CVE
CVE
added 2016/08/10 2:0 p.m.127 views

CVE-2013-7458

Redis before 3.2.3 uses world-readable permissions for the linenoise history file (.rediscli_history), enabling local users to read sensitive information. This CVE-2013-7458 describes a local information disclosure due to file permissions. Connected sources corroborate the affected component (lin...

3.3CVSS3.2AI score0.00484EPSS
CVE
CVE
added 2018/06/16 5:0 p.m.106 views

CVE-2018-12453

CVE-2018-12453 affects Redis before 5.0, where a type confusion in xgroupCommand (t_stream.c) lets remote attackers trigger DoS when an XGROUP command is issued on a non-stream key. Exploitation PoCs exist (e.g., via redis-cli xgroup create and network-based triggers). IBM/OSS sources corroborate...

7.5CVSS7.4AI score0.24182EPSS
CVE
CVE
added 2017/10/24 6:0 p.m.102 views

CVE-2016-10517

CVE-2016-10517 describes a Cross Protocol Scripting vulnerability in Redis prior to 3.2.7. The issue arises in networking.c where Redis does not validate HTTP-like elements (POST and Host:) in data that can arrive on the Redis TCP port, allowing an HTTP-style request to be misinterpreted as a Red...

7.4CVSS7.2AI score0.02147EPSS
CVE
CVE
added 2016/10/28 2:0 p.m.86 views

CVE-2016-8339

Summary: CVE-2016-8339 is a buffer overflow in Redis 3.2.x prior to 3.2.4. The flaw occurs in the handling of the CONFIG SET option for the client-output-buffer-limit, where a crafted CONFIG SET can trigger an out-of-bounds write and potentially allow code execution. Impact (as stated in sources)...

9.8CVSS9.8AI score0.14834EPSS
CVE
CVE
added 2017/10/06 4:0 a.m.86 views

CVE-2017-15047

CVE-2017-15047 affects Redis 4.0.2, where clusterLoadConfig in cluster.c can trigger an out-of-bounds array index, causing a denial-of-service crash and potentially other impact. Public sources consistently reference a fix in Redis 4.0.3+ (and related advisories note fixes in later Redis versions...

9.8CVSS8.8AI score0.01784EPSS
CVE
CVE
added 2021/09/20 3:11 p.m.66 views

CVE-2020-21468

CVE-2020-21468 concerns a segmentation fault in the Redis 5.0.7 redis-server component that may cause a denial of service. The core description across sources notes that vendor reproduction of the issue in a released version (e.g., 5.0.7) is not possible, indicating uncertainty about real-world e...

7.5CVSS7AI score0.01192EPSS