Debian Redis vulnerabilities

CVE-2021-32626 [HIGH] CVE-2021-32626: redis - Redis is an open source, in-memory database that persists on disk. In affected v... Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scrip

CVE-2021-32687 [HIGH] CVE-2021-32687: redis - Redis is an open source, in-memory database that persists on disk. An integer ov... Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large va

CVE-2021-32762 [HIGH] CVE-2021-32762: redis - Redis is an open source, in-memory database that persists on disk. The redis-cli... Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() he

CVE-2021-32627 [HIGH] CVE-2021-32627: redis - Redis is an open source, in-memory database that persists on disk. In affected v... Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing s

CVE-2021-32675 [HIGH] CVE-2021-32675: redis - Redis is an open source, in-memory database that persists on disk. When parsing ... Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple con

CVE-2021-29478 [HIGH] CVE-2021-29478: redis - Redis is an open source (BSD licensed), in-memory data structure store, used as ... Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additi

CVE-2021-41099 [HIGH] CVE-2021-41099: redis - Redis is an open source, in-memory database that persists on disk. An integer ov... Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially cr

CVE-2021-31294 [MEDIUM] CVE-2021-31294: redis - Redis before 6cbea7d allows a replica to cause an assertion failure in a primary... Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this. Scope: local bookworm: resolved (fixed in 5:7.0.1-4) bullseye: open forky:

CVE-2021-32672 [MEDIUM] CVE-2021-32672: redis - Redis is an open source, in-memory database that persists on disk. When using th... Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. Scope: l

CVE-2021-21309 [MEDIUM] CVE-2021-21309: redis - Redis is an open-source, in-memory database that persists on disk. In affected v... Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is

CVE-2021-3470 [MEDIUM] CVE-2021-3470: redis - A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9... A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. Scope: local bookworm: resolved (fixed in 5:6.0

CVE-2020-14147 [HIGH] CVE-2020-14147: redis - An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3... An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue

CVE-2020-21468 [HIGH] CVE-2020-21468: redis - A segmentation fault in the redis-server component of Redis 5.0.7 leads to a den... A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2019-10193 [HIGH] CVE-2019-10193: redis - A stack-buffer overflow vulnerability was found in the Redis hyperloglog data st... A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. Scope: local bookworm: resolved (fi

CVE-2019-10192 [HIGH] CVE-2019-10192: redis - A heap-buffer overflow vulnerability was found in the Redis hyperloglog data str... A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. Scope: local boo

CVE-2018-11218 [CRITICAL] CVE-2018-11218: redis - Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in... Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Scope: local bookworm: resolved (fixed in 5:4.0.10-1) bullseye: resolved (fixed in 5:4.0.10-1) forky: resolved (fixed in 5:4.0.10-1) sid: resolved (fixed in 5:4.0.10-1) trixie: reso

CVE-2018-11219 [CRITICAL] CVE-2018-11219: redis - An Integer Overflow issue was discovered in the struct library in the Lua subsys... An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Scope: local bookworm: resolved (fixed in 5:4.0.10-1) bullseye: resolved (fixed in 5:4.0.10-1) forky: resolved (fixed in 5:4.0.10-1) sid: resolved (fixed in 5:4.0.10-1) trixi

CVE-2018-12326 [HIGH] CVE-2018-12326: redis - Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allow... Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. Scope: local bookworm: reso

CVE-2018-12453 [HIGH] CVE-2018-12453: redis - Type confusion in the xgroupCommand function in t_stream.c in redis-server in Re... Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-15047 [CRITICAL] CVE-2017-15047: redis - The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to c... The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine." Scope: local bookworm: resolved (fixed in 4:4.0.2-5) bullseye: resolved (fixed in 4:4.0.2-5) forky: resolved (fixed in 4:4