redislabs 漏洞與 CVE 列表(26)

產品(CPE): — CVE 數: 26

redislabs 漏洞概覽

彙總 redislabs 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 緩衝區溢位與記憶體損壞 等問題,部分漏洞可能導致 異常行為,並影響 資料儲存與資料存取 相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12026 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2023-47003 An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. [email protected] 9.8 1.09% 2023-11-16 2026-06-17
CVE-2023-47004 Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication. [email protected] 8.8 1.04% 2023-11-06 2026-06-17
CVE-2020-21468 A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 [email protected] 7.5 1.21% 2021-09-20 2026-06-16
CVE-2021-32761 Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration pa [email protected] 7.5 31.05% 2021-07-21 2026-06-16
CVE-2021-32625 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to [email protected] 7.5 4.21% 2021-06-02 2026-06-16
CVE-2021-29478 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set [email protected] 7.5 3.63% 2021-05-04 2026-06-16
CVE-2021-29477 Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the [email protected] 7.5 4.03% 2021-05-04 2026-06-16
CVE-2021-3470 A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc. [email protected] 5.3 1.14% 2021-03-31 2026-06-17
CVE-2021-21309 Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger severa [email protected] 5.4 4.74% 2021-02-26 2026-06-16
CVE-2020-35668 RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. [email protected] 7.5 1.60% 2020-12-23 2026-06-16
CVE-2020-14147 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. [email protected] 7.7 3.08% 2020-06-15 2026-06-16
CVE-2020-7105 async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked. [email protected] 7.5 2.77% 2020-01-15 2026-06-16
CVE-2013-0180 Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. [email protected] 5.5 0.32% 2019-11-01 2026-06-16
CVE-2013-0178 Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. [email protected] 5.5 0.41% 2019-11-01 2026-06-16
CVE-2019-10193 A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. [email protected] 7.2 23.70% 2019-07-11 2026-06-16
CVE-2019-10192 A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. [email protected] 7.2 26.05% 2019-07-11 2026-06-16
CVE-2018-11219 An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. [email protected] 9.8 7.06% 2018-06-17 2026-06-16
CVE-2018-11218 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. [email protected] 9.8 59.42% 2018-06-17 2026-06-16
CVE-2018-12326 Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source. [email protected] 8.4 2.68% 2018-06-17 2026-06-16
CVE-2018-12453 Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. [email protected] 7.5 24.18% 2018-06-16 2026-06-16
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence