Vulnerabilities > Redislabs > Redis > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-03-31 CVE-2021-3470 Out-of-bounds Write vulnerability in Redislabs Redis
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash.
network
low complexity
redislabs CWE-787
5.0
2020-06-15 CVE-2020-14147 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
network
low complexity
redislabs oracle suse debian CWE-190
4.0
2019-07-11 CVE-2019-10193 Out-of-bounds Write vulnerability in multiple products
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4.
network
low complexity
redislabs redhat debian canonical oracle CWE-787
6.5
2019-07-11 CVE-2019-10192 Out-of-bounds Write vulnerability in multiple products
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4.
network
low complexity
redislabs redhat debian canonical oracle CWE-787
6.5
2018-06-17 CVE-2018-12326 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Redislabs Redis
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line.
local
low complexity
redislabs CWE-119
4.6
2018-06-16 CVE-2018-12453 Incorrect Type Conversion or Cast vulnerability in Redislabs Redis
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
network
low complexity
redislabs CWE-704
5.0
2017-10-24 CVE-2016-10517 7PK - Security Features vulnerability in Redislabs Redis
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
network
redislabs CWE-254
4.3
2016-04-13 CVE-2015-8080 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow.
network
low complexity
redislabs debian opensuse redhat CWE-190
5.0