VuXML ID | Description |
9b4806c1-257f-11ec-9db5-0800270512f4 | redis -- multiple vulnerabilities
The Redis Team reports:
- CVE-2021-41099
-
Integer to heap buffer overflow handling certain string commands
and network payloads, when proto-max-bulk-len is manually configured.
- CVE-2021-32762
-
Integer to heap buffer overflow issue in redis-cli and redis-sentinel
parsing large multi-bulk replies on some older and less common platforms.
- CVE-2021-32687
-
Integer to heap buffer overflow with intsets, when set-max-intset-entries
is manually configured to a non-default, very large value.
- CVE-2021-32675
-
Denial Of Service when processing RESP request payloads with a large
number of elements on many connections.
- CVE-2021-32672
-
Random heap reading issue with Lua Debugger.
- CVE-2021-32628
-
Integer to heap buffer overflow handling ziplist-encoded data types,
when configuring a large, non-default value for hash-max-ziplist-entries,
hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value.
- CVE-2021-32627
-
Integer to heap buffer overflow issue with streams, when configuring
a non-default, large value for proto-max-bulk-len and
client-query-buffer-limit.
- CVE-2021-32626
-
Specially crafted Lua scripts may result with Heap buffer overflow.
Discovery 2021-10-04 Entry 2021-10-05 redis-devel
< 7.0.0.20211005
redis
< 6.2.6
redis6
< 6.0.16
redis5
< 5.0.14
CVE-2021-41099
CVE-2021-32762
CVE-2021-32687
CVE-2021-32675
CVE-2021-32672
CVE-2021-32628
CVE-2021-32627
CVE-2021-32626
https://groups.google.com/g/redis-db/c/GS_9L2KCk9g
|
c561ce49-eabc-11eb-9c3f-0800270512f4 | redis -- Integer overflow issues with BITFIELD command on 32-bit systems
Huang Zhw reports:
On 32-bit versions, Redis BITFIELD command is vulnerable to integer
overflow that can potentially be exploited to corrupt the heap,
leak arbitrary heap contents or trigger remote code execution.
The vulnerability involves constructing specially crafted bit
commands which overflow the bit offset.
This problem only affects 32-bit versions of Redis.
Discovery 2021-07-04 Entry 2021-07-27 redis
< 6.0.15
redis-devel
< 6.2.5
redis5
< 5.0.13
CVE-2021-32761
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj
|
1606b03b-ac57-11eb-9bdd-8c164567ca3c | redis -- multiple vulnerabilities
Redis project reports:
- Vulnerability in the STRALGO LCS command
-
An integer overflow bug in Redis version 6.0 or newer could be
exploited using the STRALGO LCS command to corrupt the heap and
potentially result with remote code execution.
- Vulnerability in the COPY command for large intsets
-
An integer overflow bug in Redis 6.2 could be exploited to corrupt
the heap and potentially result with remote code execution.
The vulnerability involves changing the default set-max-intset-entries
configuration value, creating a large set key that consists of
integer values and using the COPY command to duplicate it.
The integer overflow bug exists in all versions of Redis starting
with 2.6, where it could result with a corrupted RDB or DUMP payload,
but not exploited through COPY (which did not exist before 6.2).
Discovery 2021-05-03 Entry 2021-05-03 redis
ge 6.0.0 lt 6.0.13
redis-devel
ge 6.2.0 lt 6.2.3
CVE-2021-29477
CVE-2021-29478
https://groups.google.com/g/redis-db/c/6GSWzTW0PR8
|
5fa68bd9-95d9-11ed-811a-080027f5fec9 | redis -- multiple vulnerabilities
The Redis core team reports:
- CVE-2022-35977
-
Integer overflow in the Redis SETRANGE and SORT/SORT_RO
commands can drive Redis to OOM panic.
- CVE-2023-22458
-
Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER
commands can lead to denial-of-service.
Discovery 2023-01-16 Entry 2023-01-16 redis
< 7.0.8
redis-devel
< 7.0.8.20230116
redis62
< 6.2.9
redis6
< 6.0.17
CVE-2022-35977
CVE-2023-22458
https://github.com/redis/redis/releases/tag/7.0.8
|
b17bce48-b7c6-11ed-b304-080027f5fec9 | redis -- multiple vulnerabilities
The Redis core team reports:
- CVE-2023-25155
-
Specially crafted SRANDMEMBER, ZRANDMEMBER, and
HRANDFIELD commands can trigger an integer overflow,
resulting in a runtime assertion and termination of the
Redis server process.
- CVE-2022-36021
-
String matching commands (like SCAN or KEYS) with a
specially crafted pattern to trigger a denial-of-service
attack on Redis, causing it to hang and consume 100% CPU
time.
Discovery 2023-02-28 Entry 2023-03-01 redis
< 7.0.9
redis-devel
< 7.0.9.20230228
redis62
< 6.2.11
redis6
< 6.0.18
CVE-2023-25155
CVE-2022-36021
https://groups.google.com/g/redis-db/c/3hQ1oTO4hMI
|
8eb69cd0-c2ec-11eb-b6e7-8c164567ca3c | redis -- integer overflow
Redis development team reports:
An integer overflow bug in Redis version 6.0 or newer can be
exploited using the STRALGO LCS command to corrupt the heap and
potentially result with remote code execution. This is a result
of an incomplete fix by CVE-2021-29477.
Discovery 2021-06-01 Entry 2021-06-01 redis
ge 6.0.0 lt 6.0.14
redis-devel
ge 6.2.0 lt 6.2.4
CVE-2021-32625
https://groups.google.com/g/redis-db/c/RLTwi1kKsCI
|
cc42db1c-c65f-11ec-ad96-0800270512f4 | redis -- Multiple vulnerabilities
Aviv Yahav reports:
- CVE-2022-24735
-
By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject
Lua code that will execute with the (potentially higher)
privileges of another Redis user.
- CVE-2022-24736
-
An attacker attempting to load a specially crafted Lua
script can cause NULL pointer dereference which will
result with a crash of the redis-server process.
Discovery 2022-04-27 Entry 2022-04-27 redis
< 6.2.7
redis-devel
< 7.0.0.20220428
redis62
< 6.2.7
CVE-2022-24735
CVE-2022-24736
https://groups.google.com/g/redis-db/c/7iWUlwtoDqU
|
0e254b4a-1f37-11ee-a475-080027f5fec9 | redis -- Heap overflow in the cjson and cmsgpack libraries
Redis core team reports:
A specially crafted Lua script executing in Redis can
trigger a heap overflow in the cjson and cmsgpack
libraries, and result in heap corruption and potentially
remote code execution.
Discovery 2023-07-10 Entry 2023-07-10 redis
< 7.0.12
redis-devel
< 7.0.12.20230710
redis62
< 6.2.13
redis60
< 6.0.20
CVE-2022-24834
https://groups.google.com/g/redis-db/c/JDjKS0GubsQ
|
8706e097-6db7-11ee-8744-080027f5fec9 | redis -- Possible bypassing Unix socket permissions
Redis core team reports:
The wrong order of listen(2) and chmod(2) calls creates a
race condition that can be used by another process to
bypass desired Unix socket permissions on startup.
Discovery 2023-10-18 Entry 2023-10-18 redis
< 7.2.2
redis-devel
< 7.2.2.20231018
redis70
< 7.0.14
redis62
< 6.2.14
CVE-2023-45145
https://groups.google.com/g/redis-db/c/r81pHa-dcI8
|
96b2d4db-ddd2-11ed-b6ea-080027f5fec9 | redis -- HINCRBYFLOAT can be used to crash a redis-server process
Redis core team reports:
Authenticated users can use the HINCRBYFLOAT command to
create an invalid hash field that may later crash Redis on
access.
Discovery 2023-04-17 Entry 2023-05-08 redis
< 7.0.11
redis62
< 6.2.12
redis6
< 6.0.19
CVE-2023-28856
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
|
6fae2d6c-1f38-11ee-a475-080027f5fec9 | redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
Redis core team reports:
Extracting key names from a command and a list of
arguments may, in some cases, trigger a heap overflow and
result in reading random heap memory, heap corruption and
potentially remote code execution. Specifically: using
COMMAND GETKEYS* and validation of key names in ACL rules.
Discovery 2023-07-10 Entry 2023-07-10 redis
< 7.0.12
redis-devel
< 7.0.12.20230710
CVE-2023-36824
https://groups.google.com/g/redis-db/c/JDjKS0GubsQ
https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
|
a60cc0e4-c7aa-11ed-8a4b-080027f5fec9 | redis -- specially crafted MSETNX command can lead to denial-of-service
Yupeng Yang reports:
Authenticated users can use the MSETNX command to trigger
a runtime assertion and termination of the Redis server
process.
Discovery 2023-03-20 Entry 2023-03-21 redis
< 7.0.10
redis-devel
< 7.0.10.20230320
CVE-2023-28425
https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c
|