CVE-2015-4335

CWE-17 | 7 documents | 7 sources
Severity
10.0 CRITICAL
EPSS
8.1%
top 7.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 9
Latest update: May 14

Description

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

Debian: redis < 2:3.0.2-1 +3
NVD: redislabs/redis 2.8.20 +2

Also affects: Debian Linux 8.0, 9.0

🔴 Vulnerability Details (3)

GHSA
GHSA-8jrq-fcj6-7g3q: Redis before 2 (2022-05-14)
OSV
CVE-2015-4335: Redis before 2 (2015-06-09)
CVEList
CVE-2015-4335: Redis before 2 (2015-06-09)

📋 Vendor Advisories (2)

Red Hat
redis: Lua sandbox escape and arbitrary code execution (2015-06-04)
Debian
CVE-2015-4335: redis - Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbi... (2015)

💬 Community (1)

Bugzilla
CVE-2015-4335 redis: Lua sandbox escape and arbitrary code execution (2015-06-04)
CVE-2015-4335 (CRITICAL CVSS 10) | Redis before 2.8.21 and 3.x before | cvebase.io