CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 2CVE-2018-11218 – redis: Heap corruption in lua_cmsgpack.c
https://notcve.org/view.php?id=CVE-2018-11218
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Se ha descubierto una corrupción de memoria en la biblioteca cmsgpack en el subsistema Lua en Redis en versiones anteriores a la 3.2.12, versiones 4.x anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC2 debido a desbordamientos de búfer basados en pila. • http://antirez.com/news/119 http://www.securityfocus.com/bid/104553 https://access.redhat.com/errata/RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:1860 https://github.com/antirez/redis/commit/52a00201fca331217c3b4b8b634f6a0f57d6b7d3 https://github.com/antirez/redis/commit/5ccb6f7a791bf3490357b00a898885759d98bab0 https://github.com/antirez/redis/issues/5017 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.git • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 2CVE-2018-12326 – Redis-cli < 5.0 - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2018-12326
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. Desbordamiento de búfer en redis-cli en Redis, en versiones anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC3 permite que un atacante logre la ejecución de código y escale a privilegios más altos mediante una línea de comandos manipulada. NOTA: no se sabe a ciencia cierta si hay situaciones comunes en las que se emplea redis-cli, por ejemplo, con un argumento -h (hostname) de una fuente no fiable. The Redis command line tool 'redis-cli' is vulnerable to a buffer overflow through the -h (host) command line parameter. • https://www.exploit-db.com/exploits/44904 https://github.com/spasm5/CVE-2018-12326 https://access.redhat.com/errata/RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:1860 https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0 https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-REL • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2CVE-2018-12453 – Redis 5.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Confusión de tipos en la función xgroupCommand en t_stream.c en redis-server en Redis en versiones anteriores a la 5.0 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante un comando XGROUP en el que la clave no es una secuencia. Redis version 5.0 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/44908 https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5 https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15047
https://notcve.org/view.php?id=CVE-2017-15047
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." La función clusterLoadConfig en cluster.c en Redis 4.0.2 permite que atacantes remotos provoquen una denegación de servicio (indexación de arrays fuera de límites y cierre inesperado de la aplicación) o, probablemente, causar cualquier otro tipo de impacto mediante un acceso limitado a la máquina. • https://github.com/antirez/redis/issues/4278 https://security.gentoo.org/glsa/202008-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 82%CPEs: 9EXPL: 1CVE-2015-8080 – redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2015-8080
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. Desbordamiento de entero en la función getnum en lua_struct.c en Redis 2.8.x en versiones anteriores a 2.8.24 y 3.0.x en versiones anteriores a 3.0.6 permite a atacantes dependientes de contexto con permiso para ejecutar código Lua en una sesión Redis provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente eludir restricciones destinadas a la sandbox a través de un número grande, lo que desencadena un desbordamiento de buffer basado en pila. An integer-wraparound flaw leading to a stack-based overflow was found in Redis. A user with access to run Lua code in a Redis session could possibly use this flaw to crash the server (denial of service) or gain code execution outside of the Lua sandbox. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html http://rhn.redhat.com/errata/RHSA-2016-0095.html http://rhn.redhat.com/errata/RHSA-2016-0096.html http://rhn.redhat.com/errata/RHSA-2016-0097.html http://www.debian.org/security/2015/dsa-3412 http://www.openwall.com/lists/oss-security/2015/11/06/2 http://www.openwall.com/lists/oss-security/2015/11/06/4 http://www.securityfocus.com/bid/77507 https://github.com/antirez/redis/issues/2855 https&# • CWE-190: Integer Overflow or Wraparound •