Vulnerability from cleanstart
Published
2026-01-30 14:34
Modified
2026-01-29 18:58
Summary
Redis is an open source, in-memory database that persists on disk
Details
Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "redis"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.4.6-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-YM75307",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T14:34:22.430652Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YM75307.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-49844"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Redis is an open source, in-memory database that persists on disk",
"upstream": [
"CVE-2015-8080",
"CVE-2019-10192",
"CVE-2019-10193",
"CVE-2020-14147",
"CVE-2021-32625",
"CVE-2021-32626",
"CVE-2021-32627",
"CVE-2021-32628",
"CVE-2021-32672",
"CVE-2021-32675",
"CVE-2021-32687",
"CVE-2021-32762",
"CVE-2021-41099",
"CVE-2022-24736",
"CVE-2022-24834",
"CVE-2022-35977",
"CVE-2022-3647",
"CVE-2023-36824",
"CVE-2023-41053",
"CVE-2023-41056",
"CVE-2023-45145",
"CVE-2024-31227",
"CVE-2024-31228",
"CVE-2024-31449",
"CVE-2025-46817",
"CVE-2025-46818",
"CVE-2025-46819",
"CVE-2025-49844"
]
}
CVE-2023-36824 (GCVE-0-2023-36824)
Vulnerability from cvelistv5 – Published: 2023-07-11 16:16 – Updated: 2025-02-13 16:56
VLAI?
EPSS
Title
Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
Summary
Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios may lead to this: authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`, and authenticated users who were set with ACL rules that match key names executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.
Severity ?
7.4 (High)
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.12",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230814-0009/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "redis",
"vendor": "redis",
"versions": [
{
"lessThan": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T18:06:25.399106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T18:33:29.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131: Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T18:06:26.690Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.12",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.12"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230814-0009/"
}
],
"source": {
"advisory": "GHSA-4cfx-h9gq-xpx3",
"discovery": "UNKNOWN"
},
"title": "Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-36824",
"datePublished": "2023-07-11T16:16:16.432Z",
"dateReserved": "2023-06-27T15:43:18.386Z",
"dateUpdated": "2025-02-13T16:56:27.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46819 (GCVE-0-2025-46819)
Vulnerability from cvelistv5 – Published: 2025-10-03 19:12 – Updated: 2025-10-31 14:53
VLAI?
EPSS
Title
Redis is vulnerable to DoS via specially crafted LUA scripts
Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to read out-of-bounds data or crash the server, resulting in denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround that does not require patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACLs to block scripts by restricting both the EVAL and FUNCTION command families.
Severity ?
6.3 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T19:24:17.581618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T19:24:24.823Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-31T14:53:41.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-46819-detect-redis-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-46819-mitigate-redis-vulnerability"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T19:12:10.999Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f"
},
{
"name": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba"
},
{
"name": "https://github.com/redis/redis/releases/tag/8.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
}
],
"source": {
"advisory": "GHSA-4c68-q8q8-3g4f",
"discovery": "UNKNOWN"
},
"title": "Redis is vulnerable to DoS via specially crafted LUA scripts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46819",
"datePublished": "2025-10-03T19:12:10.999Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-10-31T14:53:41.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-32675 (GCVE-0-2021-32675)
Vulnerability from cvelistv5 – Published: 2021-10-04 17:50 – Updated: 2024-08-03 23:25
VLAI?
EPSS
Title
DoS vulnerability in Redis
Summary
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and the size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate a significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to prevent unauthenticated users from connecting to Redis. This can be done in different ways: using network access control tools like firewalls, iptables, security groups, etc., or enabling TLS and requiring users to authenticate using client-side certificates.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:35",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-f6pw-v9gw-v64p",
"discovery": "UNKNOWN"
},
"title": "DoS vulnerability in Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32675",
"STATE": "PUBLIC",
"TITLE": "DoS vulnerability in Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.14"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-770: Allocation of Resources Without Limits or Throttling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p"
},
{
"name": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-f6pw-v9gw-v64p",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32675",
"datePublished": "2021-10-04T17:50:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31228 (GCVE-0-2024-31228)
Vulnerability from cvelistv5 – Published: 2024-10-07 19:51 – Updated: 2025-11-03 21:54
VLAI?
EPSS
Title
Denial-of-service due to unbounded pattern matching in Redis
Summary
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
5.5 (Medium)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T20:20:14.689611Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:20:24.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:54:38.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2.5, \u003c 6.2.16"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.2.6"
},
{
"status": "affected",
"version": "\u003e= 7.3.0, \u003c 7.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:51:06.784Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976"
},
{
"name": "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0"
}
],
"source": {
"advisory": "GHSA-66gq-c942-6976",
"discovery": "UNKNOWN"
},
"title": "Denial-of-service due to unbounded pattern matching in Redis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31228",
"datePublished": "2024-10-07T19:51:06.784Z",
"dateReserved": "2024-03-29T14:16:31.902Z",
"dateUpdated": "2025-11-03T21:54:38.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-35977 (GCVE-0-2022-35977)
Vulnerability from cvelistv5 – Published: 2023-01-20 18:19 – Updated: 2025-11-03 21:46
Title
Integer overflow in certain command arguments can drive Redis to OOM panic
Summary
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
5.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:46:27.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
},
{
"name": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.0.17",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.17"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.9"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-35977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:59:39.619602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:21:26.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0, \u003c 7.0.8"
},
{
"status": "affected",
"version": "\u003e= 6.2, \u003c 6.2.9"
},
{
"status": "affected",
"version": "\u003c 6.0.17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T18:19:27.692Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
},
{
"name": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.0.17",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.17"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.9"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.8"
}
],
"source": {
"advisory": "GHSA-mrcw-fhw9-fj8j",
"discovery": "UNKNOWN"
},
"title": "Integer overflow in certain command arguments can drive Redis to OOM panic"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-35977",
"datePublished": "2023-01-20T18:19:27.692Z",
"dateReserved": "2022-07-15T23:52:24.278Z",
"dateUpdated": "2025-11-03T21:46:27.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-45145 (GCVE-0-2023-45145)
Vulnerability from cvelistv5 – Published: 2023-10-18 20:17 – Updated: 2025-02-13 17:13
Title
Redis Unix-domain socket may be exposed with the wrong permissions for a short time window.
Summary
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Severity ?
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:18.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx"
},
{
"name": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231116-0014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6.0-rc1, \u003c 6.2.14"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.14"
},
{
"status": "affected",
"version": "\u003e= 7.1.0, \u003c 7.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T15:06:16.371Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx"
},
{
"name": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0014/"
}
],
"source": {
"advisory": "GHSA-ghmp-889m-7cvx",
"discovery": "UNKNOWN"
},
"title": "Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-45145",
"datePublished": "2023-10-18T20:17:08.588Z",
"dateReserved": "2023-10-04T16:02:46.330Z",
"dateUpdated": "2025-02-13T17:13:50.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49844 (GCVE-0-2025-49844)
Vulnerability from cvelistv5 – Published: 2025-10-03 19:27 – Updated: 2025-11-04 21:11
Title
Redis Lua Use-After-Free may lead to remote code execution
Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround that does not require patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict the EVAL and EVALSHA commands.
Severity ?
10 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-07T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T03:55:16.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:33.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/07/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T19:27:23.609Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"name": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"name": "https://github.com/redis/redis/releases/tag/8.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
}
],
"source": {
"advisory": "GHSA-4789-qfc9-5f9q",
"discovery": "UNKNOWN"
},
"title": "Redis Lua Use-After-Free may lead to remote code execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49844",
"datePublished": "2025-10-03T19:27:23.609Z",
"dateReserved": "2025-06-11T14:33:57.800Z",
"dateUpdated": "2025-11-04T21:11:33.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-10193 (GCVE-0-2019-10193)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:30 – Updated: 2024-08-04 22:17
Summary
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
Severity ?
7.2 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Redis Labs | redis | Affected: 3.x before 3.2.13; Affected: 4.x before 4.0.14; Affected: 5.x before 5.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4480"
},
{
"name": "20190712 [SECURITY] [DSA 4480-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/19"
},
{
"name": "USN-4061-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4061-1/"
},
{
"name": "109290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109290"
},
{
"name": "RHSA-2019:1819",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1819"
},
{
"name": "RHSA-2019:2002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2002"
},
{
"name": "GLSA-201908-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-04"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "Redis Labs",
"versions": [
{
"status": "affected",
"version": "3.x before 3.2.13"
},
{
"status": "affected",
"version": "4.x before 4.0.14"
},
{
"status": "affected",
"version": "5.x before 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:23:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4480"
},
{
"name": "20190712 [SECURITY] [DSA 4480-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/19"
},
{
"name": "USN-4061-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4061-1/"
},
{
"name": "109290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109290"
},
{
"name": "RHSA-2019:1819",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1819"
},
{
"name": "RHSA-2019:2002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2002"
},
{
"name": "GLSA-201908-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-04"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "3.x before 3.2.13"
},
{
"version_value": "4.x before 4.0.14"
},
{
"version_value": "5.x before 5.0.4"
}
]
}
}
]
},
"vendor_name": "Redis Labs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.2/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4480",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4480"
},
{
"name": "20190712 [SECURITY] [DSA 4480-1] redis security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/19"
},
{
"name": "USN-4061-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4061-1/"
},
{
"name": "109290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109290"
},
{
"name": "RHSA-2019:1819",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1819"
},
{
"name": "RHSA-2019:2002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2002"
},
{
"name": "GLSA-201908-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-04"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10193"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10193",
"datePublished": "2019-07-11T18:30:33.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32687 (GCVE-0-2021-32687)
Vulnerability from cvelistv5 – Published: 2021-10-04 17:55 – Updated: 2024-08-03 23:25
Title
Integer overflow issue with intsets in Redis
Summary
Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Severity ?
7.5 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:44",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-m3mf-8x9w-r27q",
"discovery": "UNKNOWN"
},
"title": "Integer overflow issue with intsets in Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32687",
"STATE": "PUBLIC",
"TITLE": "Integer overflow issue with intsets in Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.14"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q"
},
{
"name": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-m3mf-8x9w-r27q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32687",
"datePublished": "2021-10-04T17:55:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41053 (GCVE-0-2023-41053)
Vulnerability from cvelistv5 – Published: 2023-09-06 20:22 – Updated: 2025-02-13 17:08
Title
Redis SORT_RO may bypass ACL configuration
Summary
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc"
},
{
"name": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLBPIUUD273UGRN2WAYHPVUAULY36QVL/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA4MSJ623BH6HP5UHSJD2FOTN3QM5DQS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLYNYT52EHR63E7L7SHRTHEPUMAFFDLX/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41053",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:43:55.780393Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T15:12:37.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.13"
},
{
"status": "affected",
"version": "\u003e= 7.1.0, \u003c 7.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-16T02:07:02.213Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc"
},
{
"name": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLBPIUUD273UGRN2WAYHPVUAULY36QVL/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA4MSJ623BH6HP5UHSJD2FOTN3QM5DQS/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLYNYT52EHR63E7L7SHRTHEPUMAFFDLX/"
}
],
"source": {
"advisory": "GHSA-q4jr-5p56-4xwc",
"discovery": "UNKNOWN"
},
"title": "Redis SORT_RO may bypass ACL configuration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41053",
"datePublished": "2023-09-06T20:22:30.797Z",
"dateReserved": "2023-08-22T16:57:23.933Z",
"dateUpdated": "2025-02-13T17:08:48.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24834 (GCVE-0-2022-24834)
Vulnerability from cvelistv5 – Published: 2023-07-13 14:35 – Updated: 2025-02-13 16:32
Title
Heap overflow issue with the Lua cjson library used by Redis
Summary
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and is exploitable only by authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Severity ?
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230814-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "redis",
"vendor": "redis",
"versions": [
{
"lessThan": "7.0.12",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.13",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.0.20",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24834",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T03:55:18.658874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T12:41:07.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.0.12"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.13"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.20"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-14T18:06:31.299Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230814-0006/"
}
],
"source": {
"advisory": "GHSA-p8x2-9v9q-c838",
"discovery": "UNKNOWN"
},
"title": "Heap overflow issue with the Lua cjson library used by Redis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24834",
"datePublished": "2023-07-13T14:35:41.181Z",
"dateReserved": "2022-02-10T16:41:34.931Z",
"dateUpdated": "2025-02-13T16:32:24.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32627 (GCVE-0-2021-32627)
Vulnerability from cvelistv5 – Published: 2021-10-04 17:35 – Updated: 2024-08-03 23:25
Title
Integer overflow issue with Streams in Redis
Summary
Redis is an open source, in-memory database that persists on disk. In affected versions, an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade, an additional workaround that mitigates the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done by using ACLs to restrict unprivileged users from using the CONFIG SET command.
Severity ?
7.5 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:28",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-f434-69fm-g45v",
"discovery": "UNKNOWN"
},
"title": "Integer overflow issue with Streams in Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32627",
"STATE": "PUBLIC",
"TITLE": "Integer overflow issue with Streams in Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 5.0.0, \u003c 5.0.14"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"
},
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-f434-69fm-g45v",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32627",
"datePublished": "2021-10-04T17:35:16",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31227 (GCVE-0-2024-31227)
Vulnerability from cvelistv5 – Published: 2024-10-07 19:51 – Updated: 2024-10-07 20:20
Title
Denial-of-service due to malformed ACL selectors in Redis
Summary
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
4.4 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-07T20:20:44.399182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T20:20:56.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.2.6"
},
{
"status": "affected",
"version": "\u003e= 7.3.0, \u003c 7.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:51:04.520Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh"
},
{
"name": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a"
}
],
"source": {
"advisory": "GHSA-38p4-26x2-vqhh",
"discovery": "UNKNOWN"
},
"title": "Denial-of-service due to malformed ACL selectors in Redis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31227",
"datePublished": "2024-10-07T19:51:04.520Z",
"dateReserved": "2024-03-29T14:16:31.902Z",
"dateUpdated": "2024-10-07T20:20:56.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32628 (GCVE-0-2021-32628)
Vulnerability from cvelistv5 – Published: 2021-10-04 17:35 – Updated: 2024-08-03 23:25
Title
Vulnerability in handling large ziplists
Summary
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result in remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround that mitigates the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done by using ACLs to restrict unprivileged users from using the CONFIG SET command.
Severity ?
7.5 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.6"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003c 5.0.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:46",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-vw22-qm3h-49pr",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in handling large ziplists",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32628",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in handling large ziplists"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.6"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003c 5.0.14"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr"
},
{
"name": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-vw22-qm3h-49pr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32628",
"datePublished": "2021-10-04T17:35:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32672 (GCVE-0-2021-32672)
Vulnerability from cvelistv5 – Published: 2021-10-04 17:40 – Updated: 2024-08-03 23:25
Title
Vulnerability in Lua Debugger in Redis
Summary
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:31.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.2.0, \u003c 5.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:41",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-9mj9-xx53-qmxm",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in Lua Debugger in Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32672",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in Lua Debugger in Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.2.0, \u003c 5.0.14"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.2.6"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm"
},
{
"name": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-9mj9-xx53-qmxm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32672",
"datePublished": "2021-10-04T17:40:10",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:31.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41099 (GCVE-0-2021-41099)
Vulnerability from cvelistv5 – Published: 2021-10-04 18:05 – Updated: 2024-08-04 02:59
Title
Integer overflow issue with strings in Redis
Summary
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result in denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Severity ?
7.5 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, 6.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:43",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-j3cr-9h5g-6cph",
"discovery": "UNKNOWN"
},
"title": "Integer overflow issue with strings in Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41099",
"STATE": "PUBLIC",
"TITLE": "Integer overflow issue with strings in Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.14"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 6.2.0, 6.2.6"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph"
},
{
"name": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-j3cr-9h5g-6cph",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41099",
"datePublished": "2021-10-04T18:05:11",
"dateReserved": "2021-09-15T00:00:00",
"dateUpdated": "2024-08-04T02:59:31.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24736 (GCVE-0-2022-24736)
Vulnerability from cvelistv5 – Published: 2022-04-27 19:55 – Updated: 2025-04-22 18:02
Title
A Malformed Lua script can crash Redis
Summary
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
Severity ?
3.3 (Low)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/pull/10651"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984"
},
{
"name": "FEDORA-2022-6ed1ce2838",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"
},
{
"name": "FEDORA-2022-a0a4c7eb31",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"
},
{
"name": "FEDORA-2022-44373f6778",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24736",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:48:18.596255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:02:34.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 6.2.7"
},
{
"status": "affected",
"version": "\u003c 7.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:32.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/pull/10651"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984"
},
{
"name": "FEDORA-2022-6ed1ce2838",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"
},
{
"name": "FEDORA-2022-a0a4c7eb31",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"
},
{
"name": "FEDORA-2022-44373f6778",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220715-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-3qpw-7686-5984",
"discovery": "UNKNOWN"
},
"title": "A Malformed Lua script can crash Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24736",
"STATE": "PUBLIC",
"TITLE": "A Malformed Lua script can crash Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 6.2.7"
},
{
"version_value": "\u003c 7.0.0"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476: NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/pull/10651",
"refsource": "MISC",
"url": "https://github.com/redis/redis/pull/10651"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.7",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.2.7"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.0",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/7.0.0"
},
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984"
},
{
"name": "FEDORA-2022-6ed1ce2838",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/"
},
{
"name": "FEDORA-2022-a0a4c7eb31",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/"
},
{
"name": "FEDORA-2022-44373f6778",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220715-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220715-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-3qpw-7686-5984",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24736",
"datePublished": "2022-04-27T19:55:10.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:02:34.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32626 (GCVE-0-2021-32626)
Vulnerability from cvelistv5 – Published: 2021-10-04 17:30 – Updated: 2024-08-03 23:25
Title
Lua scripts can overflow the heap-based Lua stack in Redis
Summary
Redis is an open source, in-memory database that persists on disk. In affected versions, specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to overflow, due to incomplete checks for this condition. This can result in heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update, an additional workaround that mitigates the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Severity ?
7.5 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.6"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 2.6.0, \u003c 5.0.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:36",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-p486-xggp-782c",
"discovery": "UNKNOWN"
},
"title": "Lua scripts can overflow the heap-based Lua stack in Redis",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32626",
"STATE": "PUBLIC",
"TITLE": "Lua scripts can overflow the heap-based Lua stack in Redis"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.6"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 2.6.0, \u003c 5.0.14"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c"
},
{
"name": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-p486-xggp-782c",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32626",
"datePublished": "2021-10-04T17:30:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46818 (GCVE-0-2025-46818)
Vulnerability from cvelistv5 – Published: 2025-10-03 18:38 – Updated: 2025-10-03 19:14
Title
Redis: Authenticated users can execute LUA scripts as a different user
Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different Lua objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
Severity ?
6 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T19:02:57.936547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T19:14:19.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T18:38:57.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp"
},
{
"name": "https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e"
},
{
"name": "https://github.com/redis/redis/releases/tag/8.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
}
],
"source": {
"advisory": "GHSA-qrv7-wcrx-q5jp",
"discovery": "UNKNOWN"
},
"title": "Redis: Authenticated users can execute LUA scripts as a different user"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46818",
"datePublished": "2025-10-03T18:38:57.170Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-10-03T19:14:19.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3647 (GCVE-0-2022-3647)
Vulnerability from cvelistv5 – Published: 2022-10-21 00:00 – Updated: 2025-04-15 13:24 Disputed
Title
Redis Crash Report debug.c sigsegvHandler denial of service
Summary
** DISPUTED ** A vulnerability classified as problematic was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high, and exploitation is reported to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 or 7.0.6 addresses this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply the patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism, which is triggered after a crash has occurred.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
Impacted products
Credits
arkamar (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.211962"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.211962"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3647",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:59:14.740801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:24:41.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Crash Report"
],
"product": "Redis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "arkamar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Redis bis 6.2.7/7.0.5 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion sigsegvHandler der Datei debug.c der Komponente Crash Report. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Ein Aktualisieren auf die Version 6.2.8 and 7.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0bf90d944313919eb8e63d3588bf63a367f020a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:30:49.145Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.211962"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.211962"
},
{
"tags": [
"patch"
],
"url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2022-10-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-10-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-10-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-02-06T10:30:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Redis Crash Report debug.c sigsegvHandler denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3647",
"datePublished": "2022-10-21T00:00:00.000Z",
"dateReserved": "2022-10-21T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:24:41.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10192 (GCVE-0-2019-10192)
Vulnerability from cvelistv5 – Published: 2019-07-11 18:30 – Updated: 2024-08-04 22:17
Summary
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure in versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis's interpretation of the dense HLL encoding into writing up to 3 bytes beyond the end of a heap-allocated buffer.
Severity ?
7.2 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Redis Labs | redis | Affected: 3.x before 3.2.13; Affected: 4.x before 4.0.14; Affected: 5.x before 5.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:17:18.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4480"
},
{
"name": "20190712 [SECURITY] [DSA 4480-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/19"
},
{
"name": "USN-4061-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4061-1/"
},
{
"name": "109290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109290"
},
{
"name": "RHSA-2019:1819",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1819"
},
{
"name": "RHSA-2019:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1860"
},
{
"name": "RHSA-2019:2002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2002"
},
{
"name": "GLSA-201908-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-04"
},
{
"name": "RHSA-2019:2508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2508"
},
{
"name": "RHSA-2019:2506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2506"
},
{
"name": "RHSA-2019:2621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2621"
},
{
"name": "RHSA-2019:2630",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2630"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "Redis Labs",
"versions": [
{
"status": "affected",
"version": "3.x before 3.2.13"
},
{
"status": "affected",
"version": "4.x before 4.0.14"
},
{
"status": "affected",
"version": "5.x before 5.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:23:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4480",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4480"
},
{
"name": "20190712 [SECURITY] [DSA 4480-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/19"
},
{
"name": "USN-4061-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4061-1/"
},
{
"name": "109290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109290"
},
{
"name": "RHSA-2019:1819",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1819"
},
{
"name": "RHSA-2019:1860",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1860"
},
{
"name": "RHSA-2019:2002",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2002"
},
{
"name": "GLSA-201908-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-04"
},
{
"name": "RHSA-2019:2508",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2508"
},
{
"name": "RHSA-2019:2506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2506"
},
{
"name": "RHSA-2019:2621",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2621"
},
{
"name": "RHSA-2019:2630",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2630"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-10192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "3.x before 3.2.13"
},
{
"version_value": "4.x before 4.0.14"
},
{
"version_value": "5.x before 5.0.4"
}
]
}
}
]
},
"vendor_name": "Redis Labs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.2/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4480",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4480"
},
{
"name": "20190712 [SECURITY] [DSA 4480-1] redis security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/19"
},
{
"name": "USN-4061-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4061-1/"
},
{
"name": "109290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109290"
},
{
"name": "RHSA-2019:1819",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1819"
},
{
"name": "RHSA-2019:1860",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1860"
},
{
"name": "RHSA-2019:2002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2002"
},
{
"name": "GLSA-201908-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-04"
},
{
"name": "RHSA-2019:2508",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2508"
},
{
"name": "RHSA-2019:2506",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2506"
},
{
"name": "RHSA-2019:2621",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2621"
},
{
"name": "RHSA-2019:2630",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2630"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10192",
"datePublished": "2019-07-11T18:30:33.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:17:18.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41056 (GCVE-0-2023-41056)
Vulnerability from cvelistv5 – Published: 2024-01-10 15:59 – Updated: 2025-06-17 14:42
Title
Redis vulnerable to integer overflow in certain payloads
Summary
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers, which can result in an integer overflow that leads to a heap overflow and potential remote code execution. This issue has been patched in versions 7.0.15 and 7.2.4.
Severity ?
8.1 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:11.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.15",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.15"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.2.4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/7.2.4"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T14:41:47.275229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T14:42:05.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.9, \u003c 7.0.15"
},
{
"status": "affected",
"version": "\u003e= 7.2.0, \u003c 7.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-762",
"description": "CWE-762: Mismatched Memory Management Routines",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-23T16:05:54.365Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.0.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.0.15"
},
{
"name": "https://github.com/redis/redis/releases/tag/7.2.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/7.2.4"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
}
],
"source": {
"advisory": "GHSA-xr47-pcmx-fq2m",
"discovery": "UNKNOWN"
},
"title": "Redis vulnerable to integer overflow in certain payloads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-41056",
"datePublished": "2024-01-10T15:59:36.752Z",
"dateReserved": "2023-08-22T16:57:23.934Z",
"dateUpdated": "2025-06-17T14:42:05.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46817 (GCVE-0-2025-46817)
Vulnerability from cvelistv5 – Published: 2025-10-03 17:52 – Updated: 2025-10-03 18:32
Title
Lua library commands may lead to integer overflow and potential RCE
Summary
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T18:31:53.907831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T18:32:16.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 8.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:52:48.478Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp"
},
{
"name": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca"
},
{
"name": "https://github.com/redis/redis/releases/tag/8.2.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
}
],
"source": {
"advisory": "GHSA-m8fj-85cg-7vhp",
"discovery": "UNKNOWN"
},
"title": "Lua library commands may lead to integer overflow and potential RCE"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46817",
"datePublished": "2025-10-03T17:52:48.478Z",
"dateReserved": "2025-04-30T19:41:58.134Z",
"dateUpdated": "2025-10-03T18:32:16.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-31449 (GCVE-0-2024-31449)
Vulnerability from cvelistv5 – Published: 2024-10-07 19:51 – Updated: 2024-11-19 04:55
Title
Lua library commands may lead to stack overflow and RCE in Redis
Summary
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity ?
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "redis",
"vendor": "redis",
"versions": [
{
"lessThan": "6.2.16",
"status": "affected",
"version": "2.6",
"versionType": "custom"
},
{
"lessThan": "7.2.6",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "7.4.1",
"status": "affected",
"version": "7.3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31449",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T04:55:42.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6, \u003c 6.2.16"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.2.6"
},
{
"status": "affected",
"version": "\u003e= 7.3.0, \u003c 7.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-07T19:51:08.775Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5"
},
{
"name": "https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9"
}
],
"source": {
"advisory": "GHSA-whxg-wx83-85p5",
"discovery": "UNKNOWN"
},
"title": "Lua library commands may lead to stack overflow and RCE in Redis"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-31449",
"datePublished": "2024-10-07T19:51:08.775Z",
"dateReserved": "2024-04-03T17:55:32.646Z",
"dateUpdated": "2024-11-19T04:55:42.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32762 (GCVE-0-2021-32762)
Vulnerability from cvelistv5 – Published: 2021-10-04 18:00 – Updated: 2024-08-03 23:33
Title
Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
Summary
Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14.
Severity ?
7.5 (High)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:31",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71"
},
{
"name": "FEDORA-2021-8913c7900c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-833w-8v3m-8wwr",
"discovery": "UNKNOWN"
},
"title": "Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32762",
"STATE": "PUBLIC",
"TITLE": "Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.14"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.16"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.6"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr"
},
{
"name": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71"
},
{
"name": "FEDORA-2021-8913c7900c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/"
},
{
"name": "FEDORA-2021-61c487f241",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/"
},
{
"name": "FEDORA-2021-aa94492a09",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0003/"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-833w-8v3m-8wwr",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32762",
"datePublished": "2021-10-04T18:00:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32625 (GCVE-0-2021-32625)
Vulnerability from cvelistv5 – Published: 2021-06-02 19:35 – Updated: 2024-08-03 23:25
Title
Redis vulnerability in STRALGO LCS on 32-bit systems
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is the result of an incomplete fix for CVE-2021-29477. The problem is fixed in versions 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64-bit systems which have the fixes for CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
Severity ?
7.5 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:23:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"source": {
"advisory": "GHSA-46cp-x4x9-6pfq",
"discovery": "UNKNOWN"
},
"title": "Redis vulnerability in STRALGO LCS on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32625",
"STATE": "PUBLIC",
"TITLE": "Redis vulnerability in STRALGO LCS on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 6.0.14"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.4"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.0.14",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.4",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
]
},
"source": {
"advisory": "GHSA-46cp-x4x9-6pfq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32625",
"datePublished": "2021-06-02T19:35:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14147 (GCVE-0-2020-14147)
Vulnerability from cvelistv5 – Published: 2020-06-15 16:52 – Updated: 2024-08-04 12:39
Summary
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/antirez/redis/pull/6875",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14147",
"datePublished": "2020-06-15T16:52:45",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8080 (GCVE-0-2015-8080)
Vulnerability from cvelistv5 – Published: 2016-04-13 15:00 – Updated: 2024-08-06 08:06
Summary
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES"
},
{
"name": "openSUSE-SU-2016:1444",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html"
},
{
"name": "RHSA-2016:0097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0097.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES"
},
{
"name": "DSA-3412",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3412"
},
{
"name": "RHSA-2016:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0095.html"
},
{
"name": "[oss-security] 20151106 Review+CVE request: multiple issues in redis EVAL command (lua sandbox)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/06/2"
},
{
"name": "77507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77507"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/issues/2855"
},
{
"name": "RHSA-2016:0096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0096.html"
},
{
"name": "GLSA-201702-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-16"
},
{
"name": "[oss-security] 20151106 Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/06/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES"
},
{
"name": "openSUSE-SU-2016:1444",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html"
},
{
"name": "RHSA-2016:0097",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0097.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES"
},
{
"name": "DSA-3412",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3412"
},
{
"name": "RHSA-2016:0095",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0095.html"
},
{
"name": "[oss-security] 20151106 Review+CVE request: multiple issues in redis EVAL command (lua sandbox)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/06/2"
},
{
"name": "77507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77507"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/issues/2855"
},
{
"name": "RHSA-2016:0096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0096.html"
},
{
"name": "GLSA-201702-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-16"
},
{
"name": "[oss-security] 20151106 Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/11/06/4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES",
"refsource": "CONFIRM",
"url": "https://raw.githubusercontent.com/antirez/redis/2.8/00-RELEASENOTES"
},
{
"name": "openSUSE-SU-2016:1444",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00126.html"
},
{
"name": "RHSA-2016:0097",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0097.html"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES",
"refsource": "CONFIRM",
"url": "https://raw.githubusercontent.com/antirez/redis/3.0/00-RELEASENOTES"
},
{
"name": "DSA-3412",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3412"
},
{
"name": "RHSA-2016:0095",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0095.html"
},
{
"name": "[oss-security] 20151106 Review+CVE request: multiple issues in redis EVAL command (lua sandbox)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/06/2"
},
{
"name": "77507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77507"
},
{
"name": "https://github.com/antirez/redis/issues/2855",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/issues/2855"
},
{
"name": "RHSA-2016:0096",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0096.html"
},
{
"name": "GLSA-201702-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-16"
},
{
"name": "[oss-security] 20151106 Re: Review+CVE request: multiple issues in redis EVAL command (lua sandbox)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/06/4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8080",
"datePublished": "2016-04-13T15:00:00.000Z",
"dateReserved": "2015-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:06:31.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.