CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0CVE-2021-32626 – Lua scripts can overflow the heap-based Lua stack in Redis
https://notcve.org/view.php?id=CVE-2021-32626
04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. • https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-21468
https://notcve.org/view.php?id=CVE-2020-21468
20 Sep 2021 — A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 ** EN DISPUTA ** Un fallo de segmentación en el componente redis-server de Redis 5.0.7 conduce a una denegación de servicio (DOS). NOTA: el proveedor no puede reproducir este problema en una versión liberada, como la 5.0.7 • http://redis.com •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2021-32761 – Integer overflow issues with *BIT commands on 32-bit systems
https://notcve.org/view.php?id=CVE-2021-32761
21 Jul 2021 — Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a... • https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-32625 – Redis vulnerability in STRALGO LCS on 32-bit systems
https://notcve.org/view.php?id=CVE-2021-32625
02 Jun 2021 — Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL con... • https://github.com/redis/redis/releases/tag/6.0.14 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-29478 – Vulnerability in the COPY command for large intsets
https://notcve.org/view.php?id=CVE-2021-29478
04 May 2021 — Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-... • https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-29477 – Vulnerability in the STRALGO LCS command
https://notcve.org/view.php?id=CVE-2021-29477
04 May 2021 — Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LC... • https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29469 – Potential exponential regex in monitor mode
https://notcve.org/view.php?id=CVE-2021-29469
23 Apr 2021 — Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1. Node-redis es un cliente de Node.js Redis. • https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3470
https://notcve.org/view.php?id=CVE-2021-3470
31 Mar 2021 — A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. Se encontró un problema de desbordamiento de pila en Redis en las versiones anteriores a 5.0.10, versiones anteriores a 6.0.9 y versiones anteriores a 6.2.0, cuando se usaba un asignador de... • https://bugzilla.redhat.com/show_bug.cgi?id=1943623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-21309 – Integer overflow on 32-bit systems
https://notcve.org/view.php?id=CVE-2021-21309
26 Feb 2021 — Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer ov... • https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14147 – Debian Security Advisory 4731-1
https://notcve.org/view.php?id=CVE-2020-14147
15 Jun 2020 — An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. Un desbordamiento de enteros en la función getnum en el archivo lua_struct.c en Redis versiones ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •