Redis Security Vulnerabilities and Issues — Redis CVE List

Lucene search

RedislabsRedis

4 matches found

CVE•added 2018/06/17 5:29 p.m.•192 views

CVE-2018-11219

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.

9.8CVSS7.9AI score0.03482EPSS

CVE•added 2018/06/17 5:29 p.m.•179 views

CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.

9.8CVSS8.1AI score0.0964EPSS

CVE•added 2017/10/06 4:29 a.m.•71 views

CVE-2017-15047

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

9.8CVSS8.8AI score0.00374EPSS

CVE•added 2016/10/28 2:59 p.m.•68 views

CVE-2016-8339

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET...

9.8CVSS9.8AI score0.02502EPSS