Page 5 of 22 results (0.003 seconds)

CVSS: 7.5EPSS: 82%CPEs: 9EXPL: 1

Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones anteriores a 3.0.6 permite a atacantes dependientes de contexto con permiso para ejecutar código Lua en una sesión Redis provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente eludir restricciones destinadas a la sandbox a través de un número grande, lo que desencadena un desbordamiento de buffer basado en pila. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html http://rhn.redhat.com/errata/RHSA-2016-0095.html http://rhn.redhat.com/errata/RHSA-2016-0096.html http://rhn.redhat.com/errata/RHSA-2016-0097.html http://www.debian.org/security/2015/dsa-3412 http://www.openwall.com/lists/oss-security/2015/11/06/2 http://www.openwall.com/lists/oss-security/2015/11/06/4 http://www.securityfocus.com/bid/77507 https://github.com/antirez/redis/issues/2855 https&# • CWE-190: Integer Overflow or Wraparound •

CVSS: 10.0EPSS: 1%CPEs: 5EXPL: 1

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. Redis anterior a versión 2.8.21 y versiones 3.x y anteriores a 3.0.2, permite a los atacantes remotos ejecutar el código byte Lua arbitrario por medio del comando eval. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. • http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html http://rhn.redhat.com/errata/RHSA-2015-1676.html http://www.debian.org/security/2015/dsa-3279 http://www.openwall.com/lists/oss-security/2015/06/04/12 http://www.openwall.com/lists/ • CWE-17: DEPRECATED: Code •