CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 2CVE-2018-12326 – Redis-cli < 5.0 - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2018-12326
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. Desbordamiento de búfer en redis-cli en Redis, en versiones anteriores a la 4.0.10 y versiones 5.x anteriores a la 5.0 RC3 permite que un atacante logre la ejecución de código y escale a privilegios más altos mediante una línea de comandos manipulada. NOTA: no se sabe a ciencia cierta si hay situaciones comunes en las que se emplea redis-cli, por ejemplo, con un argumento -h (hostname) de una fuente no fiable. The Redis command line tool 'redis-cli' is vulnerable to a buffer overflow through the -h (host) command line parameter. • https://www.exploit-db.com/exploits/44904 https://github.com/spasm5/CVE-2018-12326 https://access.redhat.com/errata/RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:1860 https://gist.github.com/fakhrizulkifli/f831f40ec6cde4f744c552503d8698f0 https://github.com/antirez/redis/commit/9fdcc15962f9ff4baebe6fdd947816f43f730d50 https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES https://raw.githubusercontent.com/antirez/redis/5.0/00-REL • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 2CVE-2018-12453 – Redis 5.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Confusión de tipos en la función xgroupCommand en t_stream.c en redis-server en Redis en versiones anteriores a la 5.0 permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante un comando XGROUP en el que la clave no es una secuencia. Redis version 5.0 suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/44908 https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5 https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10517
https://notcve.org/view.php?id=CVE-2016-10517
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). networking.c en Redis en versiones anteriores a la 3.2.7 permite Cross Protocol Scripting porque carece de un control para cadenas POST y Host: que no son válidas en el protocolo Redis (pero suele ocurrir cuando un ataque desencadena una petición HTTP al puerto TCP de Redis). • http://www.securityfocus.com/bid/101572 https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50 https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES https://www.reddit.com/r/redis/comments/5r8wxn/redis_327_is_out_important_security_fixes_inside • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15047
https://notcve.org/view.php?id=CVE-2017-15047
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." La función clusterLoadConfig en cluster.c en Redis 4.0.2 permite que atacantes remotos provoquen una denegación de servicio (indexación de arrays fuera de límites y cierre inesperado de la aplicación) o, probablemente, causar cualquier otro tipo de impacto mediante un acceso limitado a la máquina. • https://github.com/antirez/redis/issues/4278 https://security.gentoo.org/glsa/202008-17 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2016-8339
https://notcve.org/view.php?id=CVE-2016-8339
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Un desbordamiento de búfer en Redis 3.2.x antes de 3.2.4 provoca ejecución de código arbitrario cuando un comando manipulado es enviado. Una vulnerabilidad de escritura fuera de límites existe en el manejo de la opción client-output-buffer-limit durante el comando CONFIG SET para la estructura de almacén de datos Redis. • http://www.securityfocus.com/bid/93283 http://www.talosintelligence.com/reports/TALOS-2016-0206 https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977 https://security.gentoo.org/glsa/201702-16 • CWE-787: Out-of-bounds Write •