CVE-2023-31655
https://notcve.org/view.php?id=CVE-2023-31655
redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. • https://github.com/RedisLabs/redisraft/issues/608 https://security.netapp.com/advisory/ntap-20230616-0005 •
CVE-2023-28856 – `HINCRBYFLOAT` can be used to crash a redis-server process
https://notcve.org/view.php?id=CVE-2023-28856
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. • https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c https://github.com/redis/redis/pull/11149 https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6 https://lists.fedoraproject. • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2023-28425 – Specially crafted MSETNX command can lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-28425
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. • https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9 https://github.com/redis/redis/releases/tag/7.0.10 https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c https://security.netapp.com/advisory/ntap-20230413-0005 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-617: Reachable Assertion •
CVE-2023-25155 – Integer Overflow in several Redis commands can lead to denial of service.
https://notcve.org/view.php?id=CVE-2023-25155
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. • https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 https://github.com/redis/redis/releases/tag/6.0.18 https://github.com/redis/redis/releases/tag/6.2.11 https://github.com/redis/redis/releases/tag/7.0.9 https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83 • CWE-190: Integer Overflow or Wraparound •
CVE-2022-36021 – Redis string pattern matching can be abused to achieve Denial of Service
https://notcve.org/view.php?id=CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. • https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv • CWE-407: Inefficient Algorithmic Complexity •