CVE-2022-36021 – Redis string pattern matching can be abused to achieve Denial of Service
https://notcve.org/view.php?id=CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. • https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv • CWE-407: Inefficient Algorithmic Complexity •
CVE-2022-35977 – Integer overflow in certain command arguments can drive Redis to OOM panic
https://notcve.org/view.php?id=CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 https://github.com/redis/redis/releases/tag/6.0.17 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8 https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j • CWE-190: Integer Overflow or Wraparound •
CVE-2023-22458 – Integer overflow in multiple Redis commands can lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8 https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj • CWE-190: Integer Overflow or Wraparound •
CVE-2022-3734 – Redis on Windows dbghelp.dll uncontrolled search path
https://notcve.org/view.php?id=CVE-2022-3734
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. • https://vuldb.com/?id.212416 https://www.cnblogs.com/J0o1ey/p/16829380.html • CWE-426: Untrusted Search Path •
CVE-2022-3647 – Redis Crash Report debug.c sigsegvHandler denial of service
https://notcve.org/view.php?id=CVE-2022-3647
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. • https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 https://vuldb.com/?ctiid.211962 https://vuldb.com/?id.211962 • CWE-404: Improper Resource Shutdown or Release •