CVE-2016-10517
https://notcve.org/view.php?id=CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). networking.c en Redis en versiones anteriores a la 3.2.7 permite Cross Protocol Scripting porque carece de un control para cadenas POST y Host: que no son válidas en el protocolo Redis (pero suele ocurrir cuando un ataque desencadena una petición HTTP al puerto TCP de Redis). • http://www.securityfocus.com/bid/101572 https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50 https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES https://www.reddit.com/r/redis/comments/5r8wxn/redis_327_is_out_important_security_fixes_inside • CWE-254: 7PK - Security Features •
CVE-2017-15047
https://notcve.org/view.php?id=CVE-2017-15047
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." La función clusterLoadConfig en cluster.c en Redis 4.0.2 permite que atacantes remotos provoquen una denegación de servicio (indexación de arrays fuera de límites y cierre inesperado de la aplicación) o, probablemente, causar cualquier otro tipo de impacto mediante un acceso limitado a la máquina. • https://github.com/antirez/redis/issues/4278 https://security.gentoo.org/glsa/202008-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-8339
https://notcve.org/view.php?id=CVE-2016-8339
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Un desbordamiento de búfer en Redis 3.2.x antes de 3.2.4 provoca ejecución de código arbitrario cuando un comando manipulado es enviado. Una vulnerabilidad de escritura fuera de límites existe en el manejo de la opción client-output-buffer-limit durante el comando CONFIG SET para la estructura de almacén de datos Redis. • http://www.securityfocus.com/bid/93283 http://www.talosintelligence.com/reports/TALOS-2016-0206 https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977 https://security.gentoo.org/glsa/201702-16 • CWE-787: Out-of-bounds Write •
CVE-2013-7458
https://notcve.org/view.php?id=CVE-2013-7458
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. linenoise, tal y como se utiliza en Redis en versiones anteriores a 3.2.3, utiliza permisos accesibles a todos para .rediscli_history, lo que permite a usuarios locales obtener información sensible leyendo el archivo. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00029.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00030.html http://www.debian.org/security/2016/dsa-3634 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832460 https://github.com/antirez/linenoise/issues/121 https://github.com/antirez/linenoise/pull/122 https://github.com/antirez/redis/blob/3.2/00-RELEASENOTES https://github.com/antirez/redis/issues/3284 https://github.com/antirez/redis/pull/1418 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-8080 – redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-8080
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones anteriores a 3.0.6 permite a atacantes dependientes de contexto con permiso para ejecutar código Lua en una sesión Redis provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente eludir restricciones destinadas a la sandbox a través de un número grande, lo que desencadena un desbordamiento de buffer basado en pila. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html http://rhn.redhat.com/errata/RHSA-2016-0095.html http://rhn.redhat.com/errata/RHSA-2016-0096.html http://rhn.redhat.com/errata/RHSA-2016-0097.html http://www.debian.org/security/2015/dsa-3412 http://www.openwall.com/lists/oss-security/2015/11/06/2 http://www.openwall.com/lists/oss-security/2015/11/06/4 http://www.securityfocus.com/bid/77507 https://github.com/antirez/redis/issues/2855 https • CWE-190: Integer Overflow or Wraparound •