Vulnerabilities > Redislabs

DATE CVE VULNERABILITY TITLE RISK
2020-06-15 CVE-2020-14147 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
network
low complexity
redislabs oracle suse debian CWE-190
7.7
2020-01-16 CVE-2020-7105 NULL Pointer Dereference vulnerability in multiple products
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
network
low complexity
redislabs debian fedoraproject CWE-476
7.5
2019-11-01 CVE-2013-0180 Improper Input Validation vulnerability in Redislabs Redis 2.6.0
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
local
low complexity
redislabs CWE-20
5.5
2019-11-01 CVE-2013-0178 Improper Input Validation vulnerability in Redislabs Redis
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
local
low complexity
redislabs CWE-20
5.5
2019-07-11 CVE-2019-10193 Out-of-bounds Write vulnerability in multiple products
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4.
network
low complexity
redislabs redhat debian canonical oracle CWE-787
7.2
2019-07-11 CVE-2019-10192 Out-of-bounds Write vulnerability in multiple products
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4.
network
low complexity
redislabs redhat debian canonical oracle CWE-787
7.2
2018-06-17 CVE-2018-11219 Integer Overflow or Wraparound vulnerability in multiple products
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
network
low complexity
redislabs debian oracle redhat CWE-190
critical
9.8
2018-06-17 CVE-2018-11218 Out-of-bounds Write vulnerability in multiple products
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
network
low complexity
redislabs debian oracle redhat CWE-787
critical
9.8
2018-06-17 CVE-2018-12326 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redislabs Redis
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line.
local
low complexity
redislabs CWE-119
8.4
2018-06-16 CVE-2018-12453 Incorrect Type Conversion or Cast vulnerability in Redislabs Redis
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
network
low complexity
redislabs CWE-704
7.5