Redislabs: >> Redis >> 3.0.3 Security Vulnerabilities
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVSS Score
3.3
EPSS Score
0.0
Published
2016-08-10
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.012
Published
2016-04-13
Page 2