Vulnerabilities > Redislabs > Redis > 4.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-21 | CVE-2021-32761 | Integer Overflow to Buffer Overflow vulnerability in multiple products Redis is an in-memory database that persists on disk. | 7.5 |
| 2021-03-31 | CVE-2021-3470 | Out-of-bounds Write vulnerability in Redislabs Redis A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. | 5.0 |
| 2021-02-26 | CVE-2021-21309 | Integer Overflow or Wraparound vulnerability in Redislabs Redis Redis is an open-source, in-memory database that persists on disk. | 8.8 |
| 2020-06-15 | CVE-2020-14147 | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | 4.0 |
| 2019-07-11 | CVE-2019-10193 | Out-of-bounds Write vulnerability in multiple products A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. | 6.5 |
| 2019-07-11 | CVE-2019-10192 | Out-of-bounds Write vulnerability in multiple products A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. | 6.5 |
| 2018-06-17 | CVE-2018-11219 | Integer Overflow or Wraparound vulnerability in multiple products An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. | 7.5 |
| 2018-06-17 | CVE-2018-11218 | Out-of-bounds Write vulnerability in multiple products Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | 7.5 |
| 2018-06-17 | CVE-2018-12326 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redislabs Redis Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. | 4.6 |
| 2018-06-16 | CVE-2018-12453 | Incorrect Type Conversion or Cast vulnerability in Redislabs Redis Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | 5.0 |