Redislabs: Security Vulnerabilities
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
CVSS Score
7.7
EPSS Score
0.003
Published
2020-06-15
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
CVSS Score
7.5
EPSS Score
0.009
Published
2020-01-16
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
CVSS Score
5.5
EPSS Score
0.001
Published
2019-11-01
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-11-01
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer.
CVSS Score
7.2
EPSS Score
0.225
Published
2019-07-11
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
CVSS Score
7.2
EPSS Score
0.345
Published
2019-07-11
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVSS Score
9.8
EPSS Score
0.096
Published
2018-06-17
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVSS Score
9.8
EPSS Score
0.035
Published
2018-06-17
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS Score
8.4
EPSS Score
0.108
Published
2018-06-17
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
CVSS Score
7.5
EPSS Score
0.32
Published
2018-06-16