Redis Security Vulnerabilities and Issues — Redis CVE List

Lucene search

RedislabsRedis

7 matches found

CVE•added 2021/02/26 10:15 p.m.•433 views

CVE-2021-21309

Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for th...

8.8CVSS7.5AI score0.00529EPSS

CVE•added 2021/05/04 4:15 p.m.•367 views

CVE-2021-29477

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. The pr...

8.8CVSS7.9AI score0.01918EPSS

CVE•added 2021/07/21 9:15 p.m.•288 views

CVE-2021-32761

Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis *BIT* command are vulnerable to integer overflow that...

7.5CVSS8AI score0.00843EPSS

CVE•added 2021/06/02 8:15 p.m.•249 views

CVE-2021-32625

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This ...

8.8CVSS8.1AI score0.01918EPSS

CVE•added 2021/05/04 4:15 p.m.•197 views

CVE-2021-29478

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly a...

8.8CVSS7.7AI score0.01425EPSS

CVE•added 2021/03/31 2:15 p.m.•139 views

CVE-2021-3470

A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use je...

5.3CVSS5.5AI score0.00466EPSS

CVE•added 2021/09/20 4:15 p.m.•51 views

CVE-2020-21468

A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7

7.5CVSS7.3AI score0.00384EPSS