An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
Max CVSS
9.8
EPSS Score
2.75%
Published
2018-06-17
Updated
2021-08-04
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
Max CVSS
9.8
EPSS Score
2.19%
Published
2018-06-17
Updated
2021-08-04
The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."
Max CVSS
9.8
EPSS Score
0.21%
Published
2017-10-06
Updated
2020-08-28
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
Max CVSS
9.8
EPSS Score
1.02%
Published
2016-10-28
Updated
2023-01-30
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Max CVSS
10.0
EPSS Score
1.94%
Published
2015-06-09
Updated
2018-08-13
5 vulnerabilities found