
CVE-2023-47003
https://notcve.org/view.php?id=CVE-2023-47003
16 Nov 2023 — An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. • https://github.com/RedisGraph/RedisGraph/issues/3063 • CWE-20: Improper Input Validation • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-476: NULL Pointer Dereference

CVE-2023-47004
https://notcve.org/view.php?id=CVE-2023-47004
06 Nov 2023 — Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. • https://github.com/RedisGraph/RedisGraph/issues/3178 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write

CVE-2020-35668
https://notcve.org/view.php?id=CVE-2020-35668
23 Dec 2020 — RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. • https://github.com/RedisGraph/RedisGraph/issues/1502 • CWE-476: NULL Pointer Dereference