Search CVE reports
1 – 10 of 59 results
CVE-2023-41056
Medium priorityRedis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-45145
Medium prioritySome fixes available 5 of 7
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-41053
Medium priorityRedis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2021-31294
Medium priorityRedis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2022-24834
Medium prioritySome fixes available 5 of 7
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-36824
Medium priorityRedis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory,...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-31655
Medium priorityredis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-28856
Medium prioritySome fixes available 5 of 7
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been...
1 affected packages
redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
redis | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2023-28859
Medium priorityredis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example,...
1 affected packages
python-redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-redis | Vulnerable | Not affected | Not affected | Not affected | Not affected |
CVE-2023-28858
Medium priorityredis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was...
1 affected packages
python-redis
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-redis | Vulnerable | Not affected | Not affected | Not affected | Not affected |