CVE-2021-21309 – Integer overflow on 32-bit systems
https://notcve.org/view.php?id=CVE-2021-21309
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. • https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0 https://github.com/redis/redis/pull/8522 https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf https://security.gentoo.org/glsa/202103-02 https://access.redhat.com/security/cve/CVE-2021-21309 https://bugzilla.redhat.com/show_bug.cgi?id=1932634 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •
CVE-2020-14147
https://notcve.org/view.php?id=CVE-2020-14147
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. Un desbordamiento de enteros en la función getnum en el archivo lua_struct.c en Redis versiones anteriores a 6.0.3, permite a atacantes dependiendo del contexto, con permiso para ejecutar el código Lua en una sesión de Redis, causar una denegación de servicio (corrupción de la memoria y bloqueo de la aplicación) o posiblemente omitir las restricciones del sandbox previstas por medio de un número grande, lo que desencadena un desbordamiento de búfer en la región stack de la pila. NOTA: este problema se presenta debido a una regresión de CVE-2015-8080 • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 https://github.com/antirez/redis/pull/6875 https://security.gentoo.org/glsa/202008-17 https://www.debian.org/security/2020/dsa-4731 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2019-10192 – redis: Heap buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10192
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4 de Redis. Por la corrupción cuidadosa de un hyperloglog usando el comando SETRANGE, un atacante podría engañar la interpretación de Redis de codificación HLL densa para escribir hasta 3 bytes más allá del final de un búfer asignado a la pila. A heap buffer overflow vulnerability was found in the Redis HyperLogLog data structure. • http://www.securityfocus.com/bid/109290 https://access.redhat.com/errata/RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:2002 https://access.redhat.com/errata/RHSA-2019:2506 https://access.redhat.com/errata/RHSA-2019:2508 https://access.redhat.com/errata/RHSA-2019:2621 https://access.redhat.com/errata/RHSA-2019:2630 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192 https://raw.githubusercontent.com/antir • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-10193 – redis: Stack buffer overflow in HyperLogLog triggered by malicious client
https://notcve.org/view.php?id=CVE-2019-10193
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. Se detectó una vulnerabilidad de desbordamiento del búfer de la pila en hyperloglog data structure de Redis en las versiones 3.x anteriores a 3.2.13, versiones 4.x anteriores a 4.0.14 y versiones 5.x anteriores a 5.0.4. Por la corrupción de un hiperloglog usando el comando SETRANGE, un atacante podría causar que Redis realizara incrementos controlados de hasta 12 bytes más allá del final de un búfer asignado a la pila. A stack buffer overflow vulnerability was found in the Redis HyperLogLog data structure. • http://www.securityfocus.com/bid/109290 https://access.redhat.com/errata/RHSA-2019:1819 https://access.redhat.com/errata/RHSA-2019:2002 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193 https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES https://seclists.org/bugtraq/2019/Jul/19 https://security.gentoo.org/glsa/201908-0 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2018-11219 – redis: Integer overflow in lua_struct.c:b_unpack()
https://notcve.org/view.php?id=CVE-2018-11219
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Se ha descubierto un problema de desbordamiento de enteros en la biblioteca struct en el subsistema Lua en Redis en versiones anteriores a la 3.2.12, versiones 4.x anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC2 que conduce a un error en la comprobación de límites. • http://antirez.com/news/119 http://www.securityfocus.com/bid/104552 https://access.redhat.com/errata/RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:1860 https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936 https://github.com/antirez/redis/issues/5017 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.git • CWE-190: Integer Overflow or Wraparound •