CVE-2023-47003
https://notcve.org/view.php?id=CVE-2023-47003
An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. Un problema en RedisGraph v.2.12.10 permite a un atacante ejecutar código arbitrario y provocar una denegación de servicio a través de una cadena manipulada en DataBlock_ItemIsDeleted. • https://github.com/RedisGraph/RedisGraph/issues/3063 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-476: NULL Pointer Dereference •
CVE-2023-47004
https://notcve.org/view.php?id=CVE-2023-47004
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. La vulnerabilidad de desbordamiento del búfer en Redis RedisGraph v.2.x a v.2.12.8 y corregida en v.2.12.9 permite a un atacante ejecutar código arbitrario a través de la lógica del código después de una autenticación válida. • https://github.com/RedisGraph/RedisGraph/issues/3178 • CWE-787: Out-of-bounds Write •
CVE-2020-35668
https://notcve.org/view.php?id=CVE-2020-35668
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. RedisGraph versiones 2.x hasta 2.2.11, presenta una desreferencia del puntero NULL que conlleva a un bloqueo del servidor porque maneja inapropiadamente una cadena sin comillas, tal y como un alias que aún no ha sido introducido • https://github.com/RedisGraph/RedisGraph/issues/1502 https://github.com/RedisGraph/RedisGraph/pull/1503 • CWE-476: NULL Pointer Dereference •