CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-32628 – Vulnerability in handling large ziplists
https://notcve.org/view.php?id=CVE-2021-32628
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. • https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3 https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB https://security.gentoo.org/gls • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 2%CPEs: 13EXPL: 0CVE-2021-32626 – Lua scripts can overflow the heap-based Lua stack in Redis
https://notcve.org/view.php?id=CVE-2021-32626
Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. • https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591 https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z https://lists.fedoraproject.org/arch • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 3%CPEs: 3EXPL: 0CVE-2021-32765 – Integer Overflow to Buffer Overflow in Hiredis
https://notcve.org/view.php?id=CVE-2021-32765
Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible. • https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 https://lists.debian.org/debian-lts-announce/2021/10/msg00007.html https://security.gentoo.org/glsa/202210-32 https://security.netapp.com/advisory/ntap-20211104-0003 https://wiki.sei.cmu.edu/confluence/display/c/MEM07-C.+Ensure+that+the+arguments+to+calloc%28%29%2C+when+multiplied%2C+do+not+wrap • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29469 – Potential exponential regex in monitor mode
https://notcve.org/view.php?id=CVE-2021-29469
Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1. Node-redis es un cliente de Node.js Redis. • https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e https://github.com/NodeRedis/node-redis/releases/tag/v3.1.1 https://github.com/NodeRedis/node-redis/security/advisories/GHSA-35q2-47q7-3pc3 https://security.netapp.com/advisory/ntap-20210611-0010 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17206
https://notcve.org/view.php?id=CVE-2019-17206
Uncontrolled deserialization of a pickled object in models.py in Frost Ming rediswrapper (aka Redis Wrapper) before 0.3.0 allows attackers to execute arbitrary scripts. La deserialización no controlada de un objeto pickled en models.py en Frost Ming rediswrapper (también se conoce como Redis Wrapper) versiones anteriores a 0.3.0, permite a atacantes ejecutar scripts arbitrarios. • https://github.com/frostming/rediswrapper/compare/v0.2.1...v0.3.0 https://github.com/frostming/rediswrapper/pull/1 https://github.com/frostming/rediswrapper/releases/tag/v0.3.0 • CWE-502: Deserialization of Untrusted Data •