Redislabs: >> Redis >> 3.2.1 Security Vulnerabilities
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
CVSS Score
6.6
EPSS Score
0.025
Published
2016-10-28
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
CVSS Score
3.3
EPSS Score
0.0
Published
2016-08-10
Page 2