Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Redis
(Redislabs)| Repositories | https://github.com/antirez/redis |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-11 | CVE-2019-10193 | A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | Ubuntu_linux, Debian_linux, Communications_operations_monitor, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Openstack, Redis | 7.2 | ||
| 2018-06-17 | CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. | Debian_linux, Communications_operations_monitor, Openstack, Redis | 9.8 | ||
| 2018-06-17 | CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | Debian_linux, Communications_operations_monitor, Openstack, Redis | 9.8 | ||
| 2017-10-06 | CVE-2017-15047 | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." | Redis | 9.8 | ||
| 2019-11-01 | CVE-2013-0180 | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | Redis | N/A | ||
| 2019-11-01 | CVE-2013-0178 | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. | Redis | N/A | ||
| 2018-06-16 | CVE-2018-12453 | Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | Redis | 7.5 | ||
| 2018-06-17 | CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. | Redis | 8.4 | ||
| 2017-10-24 | CVE-2016-10517 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | Redis | 7.4 | ||
| 2016-08-10 | CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file. | Debian_linux, Redis | 3.3 |