CVSS: 7.5EPSS: 60%CPEs: 9EXPL: 1CVE-2015-8080 – redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-8080
04 Dec 2015 — Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones a... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 1CVE-2015-4335 – redis: Lua sandbox escape and arbitrary code execution
https://notcve.org/view.php?id=CVE-2015-4335
09 Jun 2015 — Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Redis anterior a versión 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el código byte Lua arbitrario por medio del comando eval. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. Redis is an advanced ke... • http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape • CWE-17: DEPRECATED: Code •