Product:

Redis

(Redislabs)
Repositories https://github.com/antirez/redis
#Vulnerabilities 22
Date Id Summary Products Score Patch Annotated
2018-06-17 CVE-2018-11218 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Debian_linux, Communications_operations_monitor, Openstack, Redis 9.8
2020-06-15 CVE-2020-14147 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. Debian_linux, Communications_operations_monitor, Redis, Linux_enterprise 7.7
2021-03-31 CVE-2021-3470 A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. Redis 5.3
2017-10-06 CVE-2017-15047 The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." Redis 9.8
2019-11-01 CVE-2013-0180 Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. Redis N/A
2019-11-01 CVE-2013-0178 Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. Redis N/A
2018-06-16 CVE-2018-12453 Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Redis 7.5
2018-06-17 CVE-2018-12326 Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. Redis 8.4
2017-10-24 CVE-2016-10517 networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). Redis 7.4
2016-08-10 CVE-2013-7458 linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. Debian_linux, Redis 3.3