Page 3 of 26 results (0.009 seconds)

CVSS: 8.8EPSS: 1%CPEs: 13EXPL: 0

04 Oct 2021 — Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. • https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0

21 Jul 2021 — Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a... • https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0

02 Jun 2021 — Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL con... • https://github.com/redis/redis/releases/tag/6.0.14 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

04 May 2021 — Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-... • https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0

04 May 2021 — Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LC... • https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

31 Mar 2021 — A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. Se encontró un problema de desbordamiento de pila en Redis en las versiones anteriores a 5.0.10, versiones anteriores a 6.0.9 y versiones anteriores a 6.2.0, cuando se usaba un asignador de... • https://bugzilla.redhat.com/show_bug.cgi?id=1943623 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •