Debian Redis vulnerabilities
68 known vulnerabilities affecting debian/redis.
Total CVEs: 68
CISA KEV: 1 (actively exploited)
Public exploits: 9
Exploited in wild: 1
Severity breakdown: CRITICAL 6, HIGH 30, MEDIUM 17, LOW 15
Vulnerabilities
Page 4 of 4
CVE-2016-8339 | CRITICAL | CVSS 9.8 | fixed in redis 3:3.2.4-1 (bookworm) | 2016
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in
CVE-2016-10517 | HIGH | CVSS 7.4 | fixed in redis 3:3.2.7-1 (bookworm) | 2016
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
Scope: local
bookworm: resolved (fixed in 3:3.2.7-1)
bullseye: resolved (fixed in 3:3.2.7-1)
forky: resolved (fixed in 3:3
CVE-2016-2121 | MEDIUM | CVSS 4.0 | fixed in redis 3:3.2.5-2 (bookworm) | 2016
A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive information. A local, unprivileged user could possibly use this flaw to access unauthorized system information.
Scope: local
bookworm: resolved (fixed in 3:3.2.5-2)
bullseye: resolved (fixed in 3:3.2.5-2)
forky: resolved (fixed i
CVE-2015-4335 | CRITICAL | CVSS 10.0 | fixed in redis 2:3.0.2-1 (bookworm) | 2015
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Scope: local
bookworm: resolved (fixed in 2:3.0.2-1)
bullseye: resolved (fixed in 2:3.0.2-1)
forky: resolved (fixed in 2:3.0.2-1)
sid: resolved (fixed in 2:3.0.2-1)
trixie: resolved (fixed in 2:3.0.2-1)
CVE-2015-8080 | HIGH | CVSS 7.5 | fixed in redis 2:3.0.5-4 (bookworm) | 2015
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer ov
CVE-2013-0180 | MEDIUM | CVSS 5.5 | fixed in redis 2:2.6.7-1 (bookworm) | 2013
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
Scope: local
bookworm: resolved (fixed in 2:2.6.7-1)
bullseye: resolved (fixed in 2:2.6.7-1)
forky: resolved (fixed in 2:2.6.7-1)
sid: resolved (fixed in 2:2.6.7-1)
trixie: resolved (fixed in 2:2.6.7-1)
CVE-2013-0178 | LOW | CVSS 5.5 | fixed in redis 2:2.6.0-1 (bookworm) | 2013
CVE-2013-0178 [MEDIUM] CVE-2013-0178: redis - Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-...
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
Scope: local
bookworm: resolved (fixed in 2:2.6.0-1)
bullseye: resolved (fixed in 2:2.6.0-1)
forky: resolved (fixed in 2:2.6.0-1)
sid: resolved (fixed in 2:2.6.0-1)
trixie: resolved (fixed in 2:2.6.0-1)
CVE-2013-7458 | LOW | CVSS 3.3 | fixed in redis 2:3.2.1-4 (bookworm) | 2013
linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
Scope: local
bookworm: resolved (fixed in 2:3.2.1-4)
bullseye: resolved (fixed in 2:3.2.1-4)
forky: resolved (fixed in 2:3.2.1-4)
sid: resolved (fixed in 2:3.2.1-4)
trixie: resolved (fixed in 2:3.2.