All the vulnerabilites related to redis - redis
cve-2021-29478
Vulnerability from cvelistv5
Published
2021-05-04 16:00
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
Vulnerability in the COPY command for large intsets
References
▼ | URL | Tags |
---|---|---|
https://redis.io/ | x_refsource_MISC | |
https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3 | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/ | vendor-advisory, x_refsource_FEDORA | |
https://security.gentoo.org/glsa/202107-20 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:05.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redis.io/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3" }, { "name": "FEDORA-2021-3b267a756c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/" }, { "name": "FEDORA-2021-8b19c99d6a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/" }, { "name": "GLSA-202107-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-09T08:06:21", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://redis.io/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3" }, { "name": "FEDORA-2021-3b267a756c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/" }, { "name": "FEDORA-2021-8b19c99d6a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/" }, { "name": "GLSA-202107-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202107-20" } ], "source": { "advisory": "GHSA-qh52-crrg-44g3", "discovery": "UNKNOWN" }, "title": "Vulnerability in the COPY command for large intsets", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29478", "STATE": "PUBLIC", "TITLE": "Vulnerability in the COPY command for large intsets" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 6.2.0, \u003c 6.2.3" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://redis.io/", "refsource": "MISC", "url": "https://redis.io/" }, { "name": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3" }, { "name": "FEDORA-2021-3b267a756c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/" }, { "name": "FEDORA-2021-8b19c99d6a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/" }, { "name": "GLSA-202107-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-20" } ] }, "source": { "advisory": "GHSA-qh52-crrg-44g3", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-29478", "datePublished": "2021-05-04T16:00:23", "dateReserved": "2021-03-30T00:00:00", "dateUpdated": "2024-08-03T22:11:05.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35977
Vulnerability from cvelistv5
Published
2023-01-20 18:19
Modified
2024-08-03 09:51
Severity ?
EPSS score ?
Summary
Integer overflow in certain command arguments can drive Redis to OOM panic
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/6.0.17 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/6.2.9 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/7.0.8 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j" }, { "name": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7" }, { "name": "https://github.com/redis/redis/releases/tag/6.0.17", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.0.17" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.2.9" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0, \u003c 7.0.8" }, { "status": "affected", "version": "\u003e= 6.2, \u003c 6.2.9" }, { "status": "affected", "version": "\u003c 6.0.17" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-20T18:19:27.692Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j" }, { "name": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7" }, { "name": "https://github.com/redis/redis/releases/tag/6.0.17", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.0.17" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.2.9" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.8" } ], "source": { "advisory": "GHSA-mrcw-fhw9-fj8j", "discovery": "UNKNOWN" }, "title": "Integer overflow in certain command arguments can drive Redis to OOM panic" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35977", "datePublished": "2023-01-20T18:19:27.692Z", "dateReserved": "2022-07-15T23:52:24.278Z", "dateUpdated": "2024-08-03T09:51:59.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32672
Vulnerability from cvelistv5
Published
2021-10-04 17:40
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Vulnerability in Lua Debugger in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211104-0003/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:31.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 3.2.0, \u003c 5.0.14" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:41", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-9mj9-xx53-qmxm", "discovery": "UNKNOWN" }, "title": "Vulnerability in Lua Debugger in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32672", "STATE": "PUBLIC", "TITLE": "Vulnerability in Lua Debugger in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 3.2.0, \u003c 5.0.14" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 6.0.0, \u003c 6.2.6" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger\u2019s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm" }, { "name": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-9mj9-xx53-qmxm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32672", "datePublished": "2021-10-04T17:40:10", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31655
Vulnerability from cvelistv5
Published
2023-05-18 00:00
Modified
2024-08-02 14:56
Severity ?
EPSS score ?
Summary
redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:56:35.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/RedisLabs/redisraft/issues/608" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230616-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T19:17:32.661654", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/RedisLabs/redisraft/issues/608" }, { "url": "https://security.netapp.com/advisory/ntap-20230616-0005/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31655", "datePublished": "2023-05-18T00:00:00", "dateReserved": "2023-04-29T00:00:00", "dateUpdated": "2024-08-02T14:56:35.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-33105
Vulnerability from cvelistv5
Published
2022-06-22 13:13
Modified
2024-08-03 08:01
Severity ?
EPSS score ?
Summary
Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef | x_refsource_MISC | |
https://github.com/redis/redis/pull/10753 | x_refsource_MISC | |
https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES | x_refsource_MISC | |
https://github.com/redis/redis/pull/10829 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220729-0005/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T08:01:19.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/pull/10753" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/pull/10829" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0005/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/pull/10753" }, { "tags": [ "x_refsource_MISC" ], "url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/pull/10829" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220729-0005/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-33105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef" }, { "name": "https://github.com/redis/redis/pull/10753", "refsource": "MISC", "url": "https://github.com/redis/redis/pull/10753" }, { "name": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES", "refsource": "MISC", "url": "https://raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES" }, { "name": "https://github.com/redis/redis/pull/10829", "refsource": "MISC", "url": "https://github.com/redis/redis/pull/10829" }, { "name": "https://security.netapp.com/advisory/ntap-20220729-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220729-0005/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-33105", "datePublished": "2022-06-22T13:13:56", "dateReserved": "2022-06-13T00:00:00", "dateUpdated": "2024-08-03T08:01:19.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31449
Vulnerability from cvelistv5
Published
2024-10-07 19:51
Modified
2024-10-07 20:23
Severity ?
EPSS score ?
Summary
Lua library commands may lead to stack overflow and RCE in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5 | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 | x_refsource_MISC |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "redis", "vendor": "redis", "versions": [ { "lessThan": "6.2.16", "status": "affected", "version": "2.6", "versionType": "custom" }, { "lessThan": "7.2.6", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "7.4.1", "status": "affected", "version": "7.3.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31449", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T20:21:23.094776Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:23:00.209Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 2.6, \u003c 6.2.16" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.2.6" }, { "status": "affected", "version": "\u003e= 7.3.0, \u003c 7.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T19:51:08.775Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5" }, { "name": "https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9" } ], "source": { "advisory": "GHSA-whxg-wx83-85p5", "discovery": "UNKNOWN" }, "title": "Lua library commands may lead to stack overflow and RCE in Redis" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31449", "datePublished": "2024-10-07T19:51:08.775Z", "dateReserved": "2024-04-03T17:55:32.646Z", "dateUpdated": "2024-10-07T20:23:00.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31227
Vulnerability from cvelistv5
Published
2024-10-07 19:51
Modified
2024-10-07 20:20
Severity ?
EPSS score ?
Summary
Denial-of-service due to malformed ACL selectors in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31227", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T20:20:44.399182Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:20:56.702Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.2.6" }, { "status": "affected", "version": "\u003e= 7.3.0, \u003c 7.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T19:51:04.520Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh" }, { "name": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a" } ], "source": { "advisory": "GHSA-38p4-26x2-vqhh", "discovery": "UNKNOWN" }, "title": "Denial-of-service due to malformed ACL selectors in Redis" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31227", "datePublished": "2024-10-07T19:51:04.520Z", "dateReserved": "2024-03-29T14:16:31.902Z", "dateUpdated": "2024-10-07T20:20:56.702Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24735
Vulnerability from cvelistv5
Published
2022-04-27 19:43
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
Lua scripts can be manipulated to overcome ACL rules in Redis
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/pull/10651" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.2.7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.0" }, { "name": "FEDORA-2022-6ed1ce2838", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/" }, { "name": "FEDORA-2022-a0a4c7eb31", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/" }, { "name": "FEDORA-2022-44373f6778", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 7.0.0" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.2.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:33", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/pull/10651" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.2.7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.0" }, { "name": "FEDORA-2022-6ed1ce2838", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/" }, { "name": "FEDORA-2022-a0a4c7eb31", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/" }, { "name": "FEDORA-2022-44373f6778", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-647m-2wmq-qmvq", "discovery": "UNKNOWN" }, "title": "Lua scripts can be manipulated to overcome ACL rules in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24735", "STATE": "PUBLIC", "TITLE": "Lua scripts can be manipulated to overcome ACL rules in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 7.0.0" }, { "version_value": "\u003e= 6.0.0, \u003c 6.2.7" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq" }, { "name": "https://github.com/redis/redis/pull/10651", "refsource": "MISC", "url": "https://github.com/redis/redis/pull/10651" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.7", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/6.2.7" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.0", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/7.0.0" }, { "name": "FEDORA-2022-6ed1ce2838", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/" }, { "name": "FEDORA-2022-a0a4c7eb31", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/" }, { "name": "FEDORA-2022-44373f6778", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220715-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-647m-2wmq-qmvq", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24735", "datePublished": "2022-04-27T19:43:27", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32687
Vulnerability from cvelistv5
Published
2021-10-04 17:55
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Integer overflow issue with intsets in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211104-0003/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:31.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 5.0.14" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:44", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-m3mf-8x9w-r27q", "discovery": "UNKNOWN" }, "title": "Integer overflow issue with intsets in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32687", "STATE": "PUBLIC", "TITLE": "Integer overflow issue with intsets in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 5.0.14" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] }, { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q" }, { "name": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644dec0f" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-m3mf-8x9w-r27q", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32687", "datePublished": "2021-10-04T17:55:10", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41053
Vulnerability from cvelistv5
Published
2023-09-06 20:22
Modified
2024-09-26 15:12
Severity ?
EPSS score ?
Summary
Redis SORT_RO may bypass ACL configuration
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc" }, { "name": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLBPIUUD273UGRN2WAYHPVUAULY36QVL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA4MSJ623BH6HP5UHSJD2FOTN3QM5DQS/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLYNYT52EHR63E7L7SHRTHEPUMAFFDLX/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41053", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:43:55.780393Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:12:37.194Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.13" }, { "status": "affected", "version": "\u003e= 7.1.0, \u003c 7.2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T20:22:30.797Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc" }, { "name": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLBPIUUD273UGRN2WAYHPVUAULY36QVL/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UA4MSJ623BH6HP5UHSJD2FOTN3QM5DQS/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YLYNYT52EHR63E7L7SHRTHEPUMAFFDLX/" } ], "source": { "advisory": "GHSA-q4jr-5p56-4xwc", "discovery": "UNKNOWN" }, "title": "Redis SORT_RO may bypass ACL configuration" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41053", "datePublished": "2023-09-06T20:22:30.797Z", "dateReserved": "2023-08-22T16:57:23.933Z", "dateUpdated": "2024-09-26T15:12:37.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35951
Vulnerability from cvelistv5
Published
2022-09-23 00:00
Modified
2024-08-03 09:51
Severity ?
EPSS score ?
Summary
Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9" }, { "name": "FEDORA-2022-de7b3ceca6", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20221020-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-20T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9" }, { "name": "FEDORA-2022-de7b3ceca6", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202209-17" }, { "url": "https://security.netapp.com/advisory/ntap-20221020-0005/" } ], "source": { "advisory": "GHSA-5gc4-76rx-22c9", "discovery": "UNKNOWN" }, "title": "Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35951", "datePublished": "2022-09-23T00:00:00", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:51:59.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32628
Vulnerability from cvelistv5
Published
2021-10-04 17:35
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Vulnerability in handling large ziplists
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211104-0003/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.6" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003c 5.0.14" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:46", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-vw22-qm3h-49pr", "discovery": "UNKNOWN" }, "title": "Vulnerability in handling large ziplists", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32628", "STATE": "PUBLIC", "TITLE": "Vulnerability in handling large ziplists" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003c 5.0.14" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] }, { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr" }, { "name": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-vw22-qm3h-49pr", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32628", "datePublished": "2021-10-04T17:35:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.918Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32627
Vulnerability from cvelistv5
Published
2021-10-04 17:35
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Integer overflow issue with Streams in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3 | x_refsource_MISC | |
https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211104-0003/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 5.0.0, \u003c 5.0.14" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:28", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-f434-69fm-g45v", "discovery": "UNKNOWN" }, "title": "Integer overflow issue with Streams in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32627", "STATE": "PUBLIC", "TITLE": "Integer overflow issue with Streams in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 5.0.0, \u003c 5.0.14" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] }, { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80ae3" }, { "name": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-f434-69fm-g45v", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32627", "datePublished": "2021-10-04T17:35:16", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28425
Vulnerability from cvelistv5
Published
2023-03-20 19:03
Modified
2024-08-02 12:38
Severity ?
EPSS score ?
Summary
Specially crafted MSETNX command can lead to denial-of-service
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c" }, { "name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.10" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230413-0005/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.8, \u003c 7.0.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-20T19:03:37.983Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c" }, { "name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.10" }, { "url": "https://security.netapp.com/advisory/ntap-20230413-0005/" } ], "source": { "advisory": "GHSA-mvmm-4vq6-vw8c", "discovery": "UNKNOWN" }, "title": "Specially crafted MSETNX command can lead to denial-of-service" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28425", "datePublished": "2023-03-20T19:03:37.983Z", "dateReserved": "2023-03-15T15:59:10.047Z", "dateUpdated": "2024-08-02T12:38:25.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41056
Vulnerability from cvelistv5
Published
2024-01-10 15:59
Modified
2024-08-02 18:46
Severity ?
EPSS score ?
Summary
Redis vulnerable to integer overflow in certain payloads
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.15", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.15" }, { "name": "https://github.com/redis/redis/releases/tag/7.2.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.2.4" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240223-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.9, \u003c 7.0.15" }, { "status": "affected", "version": "\u003e= 7.2.0, \u003c 7.2.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-762", "description": "CWE-762: Mismatched Memory Management Routines", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-10T15:59:36.752Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.15", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.15" }, { "name": "https://github.com/redis/redis/releases/tag/7.2.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.2.4" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/" }, { "url": "https://security.netapp.com/advisory/ntap-20240223-0003/" } ], "source": { "advisory": "GHSA-xr47-pcmx-fq2m", "discovery": "UNKNOWN" }, "title": "Redis vulnerable to integer overflow in certain payloads" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41056", "datePublished": "2024-01-10T15:59:36.752Z", "dateReserved": "2023-08-22T16:57:23.934Z", "dateUpdated": "2024-08-02T18:46:11.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24736
Vulnerability from cvelistv5
Published
2022-04-27 19:55
Modified
2024-08-03 04:20
Severity ?
EPSS score ?
Summary
A Malformed Lua script can crash Redis
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.463Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/pull/10651" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.2.7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984" }, { "name": "FEDORA-2022-6ed1ce2838", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/" }, { "name": "FEDORA-2022-a0a4c7eb31", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/" }, { "name": "FEDORA-2022-44373f6778", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 6.2.7" }, { "status": "affected", "version": "\u003c 7.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:32", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/pull/10651" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.2.7" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984" }, { "name": "FEDORA-2022-6ed1ce2838", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/" }, { "name": "FEDORA-2022-a0a4c7eb31", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/" }, { "name": "FEDORA-2022-44373f6778", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220715-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-3qpw-7686-5984", "discovery": "UNKNOWN" }, "title": "A Malformed Lua script can crash Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24736", "STATE": "PUBLIC", "TITLE": "A Malformed Lua script can crash Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 6.2.7" }, { "version_value": "\u003c 7.0.0" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-476: NULL Pointer Dereference" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/pull/10651", "refsource": "MISC", "url": "https://github.com/redis/redis/pull/10651" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.7", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/6.2.7" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.0", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/7.0.0" }, { "name": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984" }, { "name": "FEDORA-2022-6ed1ce2838", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/" }, { "name": "FEDORA-2022-a0a4c7eb31", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSTPUCAPBRHIFPSCOURR4OYX4E2OISAF/" }, { "name": "FEDORA-2022-44373f6778", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4ZK3675DGHVVDOFLJN7WX6YYH27GPMK/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20220715-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220715-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-3qpw-7686-5984", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24736", "datePublished": "2022-04-27T19:55:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31144
Vulnerability from cvelistv5
Published
2022-07-19 20:15
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Potential heap overflow in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh | x_refsource_CONFIRM | |
https://github.com/redis/redis/releases/tag/7.0.4 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220909-0002/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220909-0002/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:38", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220909-0002/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-96f7-42fg-2jrh", "discovery": "UNKNOWN" }, "title": "Potential heap overflow in Redis ", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31144", "STATE": "PUBLIC", "TITLE": "Potential heap overflow in Redis " }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 7.0.0, \u003c 7.0.4" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.4", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/7.0.4" }, { "name": "https://security.netapp.com/advisory/ntap-20220909-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220909-0002/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-96f7-42fg-2jrh", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31144", "datePublished": "2022-07-19T20:15:13", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31294
Vulnerability from cvelistv5
Published
2023-07-15 00:00
Modified
2024-10-30 18:29
Severity ?
EPSS score ?
Summary
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:55:53.538Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/redis/redis/issues/8712" }, { "tags": [ "x_transferred" ], "url": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230814-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-31294", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-30T18:29:37.407639Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-30T18:29:51.110Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-14T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/redis/redis/issues/8712" }, { "url": "https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f" }, { "url": "https://github.com/redis/redis/commit/46f4ebbe842620f0976a36741a72482620aa4b48" }, { "url": "https://security.netapp.com/advisory/ntap-20230814-0007/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31294", "datePublished": "2023-07-15T00:00:00", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-10-30T18:29:51.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36021
Vulnerability from cvelistv5
Published
2023-03-01 15:46
Modified
2024-08-03 09:51
Severity ?
EPSS score ?
Summary
Redis string pattern matching can be abused to achieve Denial of Service
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:51:59.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv" }, { "name": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 6.0.18" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.11" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.9" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-407", "description": "CWE-407: Inefficient Algorithmic Complexity", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-01T15:46:23.567Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv" }, { "name": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84" } ], "source": { "advisory": "GHSA-jr7j-rfj5-8xqv", "discovery": "UNKNOWN" }, "title": "Redis string pattern matching can be abused to achieve Denial of Service" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36021", "datePublished": "2023-03-01T15:46:23.567Z", "dateReserved": "2022-07-15T23:52:24.301Z", "dateUpdated": "2024-08-03T09:51:59.947Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32625
Vulnerability from cvelistv5
Published
2021-06-02 19:35
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Redis vulnerability in STRALGO LCS on 32-bit systems
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq | x_refsource_CONFIRM | |
https://github.com/redis/redis/releases/tag/6.0.14 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/6.2.4 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.0.14" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.2.4" }, { "name": "FEDORA-2021-916f861096", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/" }, { "name": "FEDORA-2021-0ad4bec5b1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 6.0.14" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-04T18:23:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.0.14" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.2.4" }, { "name": "FEDORA-2021-916f861096", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/" }, { "name": "FEDORA-2021-0ad4bec5b1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/" } ], "source": { "advisory": "GHSA-46cp-x4x9-6pfq", "discovery": "UNKNOWN" }, "title": "Redis vulnerability in STRALGO LCS on 32-bit systems", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32625", "STATE": "PUBLIC", "TITLE": "Redis vulnerability in STRALGO LCS on 32-bit systems" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 6.0.14" }, { "version_value": "\u003e= 6.2.0, \u003c 6.2.4" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq" }, { "name": "https://github.com/redis/redis/releases/tag/6.0.14", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/6.0.14" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.4", "refsource": "MISC", "url": "https://github.com/redis/redis/releases/tag/6.2.4" }, { "name": "FEDORA-2021-916f861096", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/" }, { "name": "FEDORA-2021-0ad4bec5b1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/" } ] }, "source": { "advisory": "GHSA-46cp-x4x9-6pfq", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32625", "datePublished": "2021-06-02T19:35:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3734
Vulnerability from cvelistv5
Published
2022-10-28 00:00
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Redis on Windows dbghelp.dll uncontrolled search path
References
Impacted products
▼ | Vendor | Product |
---|---|---|
unspecified | Redis |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:57.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.cnblogs.com/J0o1ey/p/16829380.html" }, { "tags": [ "x_transferred" ], "url": "https://vuldb.com/?id.212416" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Redis", "vendor": "unspecified", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path -\u003e CWE-427 Uncontrolled Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-29T00:00:00", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "url": "https://www.cnblogs.com/J0o1ey/p/16829380.html" }, { "url": "https://vuldb.com/?id.212416" } ], "tags": [ "disputed" ], "title": "Redis on Windows dbghelp.dll uncontrolled search path", "x_generator": "vuldb.com" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3734", "datePublished": "2022-10-28T00:00:00", "dateReserved": "2022-10-28T00:00:00", "dateUpdated": "2024-08-03T01:20:57.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-22458
Vulnerability from cvelistv5
Published
2023-01-20 18:19
Modified
2024-08-02 10:13
Severity ?
EPSS score ?
Summary
Integer overflow in multiple Redis commands can lead to denial-of-service
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/6.2.9 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/7.0.8 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:13:48.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj" }, { "name": "https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.2.9" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 6.2, \u003c 6.2.9" }, { "status": "affected", "version": "\u003e= 7.0, \u003c 7.0.8" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-20T18:19:24.166Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj" }, { "name": "https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.2.9" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.8" } ], "source": { "advisory": "GHSA-r8w2-2m53-gprj", "discovery": "UNKNOWN" }, "title": "Integer overflow in multiple Redis commands can lead to denial-of-service" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-22458", "datePublished": "2023-01-20T18:19:24.166Z", "dateReserved": "2022-12-29T03:00:40.878Z", "dateUpdated": "2024-08-02T10:13:48.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-25155
Vulnerability from cvelistv5
Published
2023-03-02 03:01
Modified
2024-08-02 11:18
Severity ?
EPSS score ?
Summary
Integer Overflow in several Redis commands can lead to denial of service.
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83 | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/6.0.18 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/6.2.11 | x_refsource_MISC | |
https://github.com/redis/redis/releases/tag/7.0.9 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:18:36.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83" }, { "name": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619" }, { "name": "https://github.com/redis/redis/releases/tag/6.0.18", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.0.18" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.11", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/6.2.11" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 6.0.18" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.9" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T03:01:36.879Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83" }, { "name": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619" }, { "name": "https://github.com/redis/redis/releases/tag/6.0.18", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.0.18" }, { "name": "https://github.com/redis/redis/releases/tag/6.2.11", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/6.2.11" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.9" } ], "source": { "advisory": "GHSA-x2r7-j9vw-3w83", "discovery": "UNKNOWN" }, "title": "Integer Overflow in several Redis commands can lead to denial of service." } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-25155", "datePublished": "2023-03-02T03:01:36.879Z", "dateReserved": "2023-02-03T16:59:18.242Z", "dateUpdated": "2024-08-02T11:18:36.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29477
Vulnerability from cvelistv5
Published
2021-05-04 15:15
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
Vulnerability in the STRALGO LCS command
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g | x_refsource_CONFIRM | |
https://redis.io/ | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/ | vendor-advisory, x_refsource_FEDORA | |
https://security.gentoo.org/glsa/202107-20 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:11:05.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://redis.io/" }, { "name": "FEDORA-2021-3b267a756c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/" }, { "name": "FEDORA-2021-8b19c99d6a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/" }, { "name": "FEDORA-2021-916f861096", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/" }, { "name": "FEDORA-2021-0ad4bec5b1", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/" }, { "name": "GLSA-202107-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202107-20" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.3" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.13" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-09T08:06:23", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g" }, { "tags": [ "x_refsource_MISC" ], "url": "https://redis.io/" }, { "name": "FEDORA-2021-3b267a756c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/" }, { "name": "FEDORA-2021-8b19c99d6a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/" }, { "name": "FEDORA-2021-916f861096", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/" }, { "name": "FEDORA-2021-0ad4bec5b1", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/" }, { "name": "GLSA-202107-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202107-20" } ], "source": { "advisory": "GHSA-vqxj-26vj-996g", "discovery": "UNKNOWN" }, "title": "Vulnerability in the STRALGO LCS command", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29477", "STATE": "PUBLIC", "TITLE": "Vulnerability in the STRALGO LCS command" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 6.2.0, \u003c 6.2.3" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.13" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g" }, { "name": "https://redis.io/", "refsource": "MISC", "url": "https://redis.io/" }, { "name": "FEDORA-2021-3b267a756c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/" }, { "name": "FEDORA-2021-8b19c99d6a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/" }, { "name": "FEDORA-2021-916f861096", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/" }, { "name": "FEDORA-2021-0ad4bec5b1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/" }, { "name": "GLSA-202107-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-20" } ] }, "source": { "advisory": "GHSA-vqxj-26vj-996g", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-29477", "datePublished": "2021-05-04T15:15:17", "dateReserved": "2021-03-30T00:00:00", "dateUpdated": "2024-08-03T22:11:05.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21309
Vulnerability from cvelistv5
Published
2021-02-26 21:50
Modified
2024-08-03 18:09
Severity ?
EPSS score ?
Summary
Integer overflow on 32-bit systems
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0 | x_refsource_MISC | |
https://github.com/redis/redis/pull/8522 | x_refsource_MISC | |
https://security.gentoo.org/glsa/202103-02 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:15.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/pull/8522" }, { "name": "GLSA-202103-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202103-02" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 5.0.11" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.11" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-31T13:06:22", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/pull/8522" }, { "name": "GLSA-202103-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202103-02" } ], "source": { "advisory": "GHSA-hgj8-vff2-7cjf", "discovery": "UNKNOWN" }, "title": "Integer overflow on 32-bit systems", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21309", "STATE": "PUBLIC", "TITLE": "Integer overflow on 32-bit systems" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 5.0.11" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.11" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf" }, { "name": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0" }, { "name": "https://github.com/redis/redis/pull/8522", "refsource": "MISC", "url": "https://github.com/redis/redis/pull/8522" }, { "name": "GLSA-202103-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202103-02" } ] }, "source": { "advisory": "GHSA-hgj8-vff2-7cjf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21309", "datePublished": "2021-02-26T21:50:16", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28856
Vulnerability from cvelistv5
Published
2023-04-18 20:50
Modified
2024-08-02 13:51
Severity ?
EPSS score ?
Summary
`HINCRBYFLOAT` can be used to crash a redis-server process
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:38.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6" }, { "name": "https://github.com/redis/redis/pull/11149", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/pull/11149" }, { "name": "https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230601-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.11" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.12" }, { "status": "affected", "version": "\u003c 6.0.19" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T20:50:03.691Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6" }, { "name": "https://github.com/redis/redis/pull/11149", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/pull/11149" }, { "name": "https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/" }, { "url": "https://security.netapp.com/advisory/ntap-20230601-0007/" } ], "source": { "advisory": "GHSA-hjv8-vjf6-wcr6", "discovery": "UNKNOWN" }, "title": "`HINCRBYFLOAT` can be used to crash a redis-server process" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-28856", "datePublished": "2023-04-18T20:50:03.691Z", "dateReserved": "2023-03-24T16:25:34.468Z", "dateUpdated": "2024-08-02T13:51:38.912Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32761
Vulnerability from cvelistv5
Published
2021-07-21 20:50
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Integer overflow issues with *BIT commands on 32-bit systems
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20210827-0004/ | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" }, { "name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html" }, { "name": "FEDORA-2021-10d54c261f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/" }, { "name": "FEDORA-2021-76cf1653b3", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210827-0004/" }, { "name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 2.2, \u003c 5.0.13" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.15" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:29", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" }, { "name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html" }, { "name": "FEDORA-2021-10d54c261f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/" }, { "name": "FEDORA-2021-76cf1653b3", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210827-0004/" }, { "name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-8wxq-j7rp-g8wj", "discovery": "UNKNOWN" }, "title": "Integer overflow issues with *BIT commands on 32-bit systems", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32761", "STATE": "PUBLIC", "TITLE": "Integer overflow issues with *BIT commands on 32-bit systems" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 2.2, \u003c 5.0.13" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.15" }, { "version_value": "\u003e= 6.2.0, \u003c 6.2.5" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-125: Out-of-bounds Read" } ] }, { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj" }, { "name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html" }, { "name": "FEDORA-2021-10d54c261f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/" }, { "name": "FEDORA-2021-76cf1653b3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/" }, { "name": "https://security.netapp.com/advisory/ntap-20210827-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210827-0004/" }, { "name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-8wxq-j7rp-g8wj", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32761", "datePublished": "2021-07-21T20:50:09", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.821Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24834
Vulnerability from cvelistv5
Published
2023-07-13 14:35
Modified
2024-08-22 12:41
Severity ?
EPSS score ?
Summary
Heap overflow issue with the Lua cjson library used by Redis
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230814-0006/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "redis", "vendor": "redis", "versions": [ { "lessThan": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "6.2.13", "status": "affected", "version": "6.2.0", "versionType": "custom" }, { "lessThan": "6.0.20", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-24834", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T03:55:18.658874Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T12:41:07.308Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.12" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.13" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.20" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-13T14:35:41.181Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/" }, { "url": "https://security.netapp.com/advisory/ntap-20230814-0006/" } ], "source": { "advisory": "GHSA-p8x2-9v9q-c838", "discovery": "UNKNOWN" }, "title": "Heap overflow issue with the Lua cjson library used by Redis" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24834", "datePublished": "2023-07-13T14:35:41.181Z", "dateReserved": "2022-02-10T16:41:34.931Z", "dateUpdated": "2024-08-22T12:41:07.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32762
Vulnerability from cvelistv5
Published
2021-10-04 18:00
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211104-0003/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.894Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 5.0.14" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:31", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-833w-8v3m-8wwr", "discovery": "UNKNOWN" }, "title": "Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32762", "STATE": "PUBLIC", "TITLE": "Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 5.0.14" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This is a result of a vulnerability in the underlying hiredis library which does not perform an overflow check before calling the calloc() heap allocation function. This issue only impacts systems with heap allocators that do not perform their own overflow checks. Most modern systems do and are therefore not likely to be affected. Furthermore, by default redis-sentinel uses the jemalloc allocator which is also not vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] }, { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr" }, { "name": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/0215324a66af949be39b34be2d55143232c1cb71" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-833w-8v3m-8wwr", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32762", "datePublished": "2021-10-04T18:00:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.894Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-41099
Vulnerability from cvelistv5
Published
2021-10-04 18:05
Modified
2024-08-04 02:59
Severity ?
EPSS score ?
Summary
Integer overflow issue with strings in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/ | vendor-advisory, x_refsource_FEDORA | |
https://www.debian.org/security/2021/dsa-5001 | vendor-advisory, x_refsource_DEBIAN | |
https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211104-0003/ | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/202209-17 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T02:59:31.395Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 5.0.14" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 6.2.0, 6.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-680", "description": "CWE-680: Integer Overflow to Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:43", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-j3cr-9h5g-6cph", "discovery": "UNKNOWN" }, "title": "Integer overflow issue with strings in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41099", "STATE": "PUBLIC", "TITLE": "Integer overflow issue with strings in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 5.0.14" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 6.2.0, 6.2.6" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190: Integer Overflow or Wraparound" } ] }, { "description": [ { "lang": "eng", "value": "CWE-680: Integer Overflow to Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph" }, { "name": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/c6ad876774f3cc11e32681ea02a2eead00f2c521" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-j3cr-9h5g-6cph", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41099", "datePublished": "2021-10-04T18:05:11", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0543
Vulnerability from cvelistv5
Published
2022-02-18 19:25
Modified
2024-09-16 22:51
Severity ?
EPSS score ?
Summary
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
References
▼ | URL | Tags |
---|---|---|
https://bugs.debian.org/1005787 | x_refsource_MISC | |
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce | x_refsource_MISC | |
https://lists.debian.org/debian-security-announce/2022/msg00048.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5081 | vendor-advisory, x_refsource_DEBIAN | |
https://security.netapp.com/advisory/ntap-20220331-0004/ | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:32:46.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.debian.org/1005787" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce" }, { "name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html" }, { "name": "DSA-5081", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5081" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220331-0004/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "Debian", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "Lua sandbox escape", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-27T20:06:10", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.debian.org/1005787" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce" }, { "name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html" }, { "name": "DSA-5081", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5081" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20220331-0004/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html" } ], "source": { "advisory": "DSA-5081-1", "discovery": "EXTERNAL" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2022-02-18T00:00:00.000Z", "ID": "CVE-2022-0543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Debian" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Lua sandbox escape" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.debian.org/1005787", "refsource": "MISC", "url": "https://bugs.debian.org/1005787" }, { "name": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce", "refsource": "MISC", "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce" }, { "name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html" }, { "name": "DSA-5081", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5081" }, { "name": "https://security.netapp.com/advisory/ntap-20220331-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220331-0004/" }, { "name": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html" } ] }, "source": { "advisory": "DSA-5081-1", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2022-0543", "datePublished": "2022-02-18T19:25:16.932290Z", "dateReserved": "2022-02-08T00:00:00", "dateUpdated": "2024-09-16T22:51:02.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3647
Vulnerability from cvelistv5
Published
2022-10-21 00:00
Modified
2024-08-03 01:14
Severity ?
3.1 (Low) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1 (Low) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
3.1 (Low) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS score ?
Summary
Redis Crash Report debug.c sigsegvHandler denial of service
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.211962 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.211962 | signature, permissions-required | |
https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 | patch |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:14:03.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.211962" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.211962" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "modules": [ "Crash Report" ], "product": "Redis", "vendor": "n/a", "versions": [ { "status": "affected", "version": "6.2.0" }, { "status": "affected", "version": "6.2.1" }, { "status": "affected", "version": "6.2.2" }, { "status": "affected", "version": "6.2.3" }, { "status": "affected", "version": "6.2.4" }, { "status": "affected", "version": "6.2.5" }, { "status": "affected", "version": "6.2.6" }, { "status": "affected", "version": "6.2.7" }, { "status": "affected", "version": "7.0.0" }, { "status": "affected", "version": "7.0.1" }, { "status": "affected", "version": "7.0.2" }, { "status": "affected", "version": "7.0.3" }, { "status": "affected", "version": "7.0.4" }, { "status": "affected", "version": "7.0.5" } ] } ], "credits": [ { "lang": "en", "type": "analyst", "value": "arkamar (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Redis bis 6.2.7/7.0.5 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion sigsegvHandler der Datei debug.c der Komponente Crash Report. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Ein Aktualisieren auf die Version 6.2.8 and 7.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0bf90d944313919eb8e63d3588bf63a367f020a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 1.8, "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Denial of Service", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-06T09:30:49.145Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.211962" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.211962" }, { "tags": [ "patch" ], "url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3" } ], "tags": [ "disputed" ], "timeline": [ { "lang": "en", "time": "2022-10-21T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2022-10-21T00:00:00.000Z", "value": "CVE reserved" }, { "lang": "en", "time": "2022-10-21T02:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-02-06T10:30:49.000Z", "value": "VulDB entry last update" } ], "title": "Redis Crash Report debug.c sigsegvHandler denial of service" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3647", "datePublished": "2022-10-21T00:00:00", "dateReserved": "2022-10-21T00:00:00", "dateUpdated": "2024-08-03T01:14:03.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36824
Vulnerability from cvelistv5
Published
2023-07-11 16:16
Modified
2024-10-18 18:33
Severity ?
EPSS score ?
Summary
Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:01:09.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.12", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/releases/tag/7.0.12" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230814-0009/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "redis", "vendor": "redis", "versions": [ { "lessThan": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-36824", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-18T18:06:25.399106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T18:33:29.724Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.12" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131: Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T16:16:16.432Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3" }, { "name": "https://github.com/redis/redis/releases/tag/7.0.12", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/releases/tag/7.0.12" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/" }, { "url": "https://security.netapp.com/advisory/ntap-20230814-0009/" } ], "source": { "advisory": "GHSA-4cfx-h9gq-xpx3", "discovery": "UNKNOWN" }, "title": "Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36824", "datePublished": "2023-07-11T16:16:16.432Z", "dateReserved": "2023-06-27T15:43:18.386Z", "dateUpdated": "2024-10-18T18:33:29.724Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45145
Vulnerability from cvelistv5
Published
2023-10-18 20:17
Modified
2024-08-02 20:14
Severity ?
EPSS score ?
Summary
Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:18.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx" }, { "name": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231116-0014/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 2.6.0-rc1, \u003c 6.2.14" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.0.14" }, { "status": "affected", "version": "\u003e= 7.1.0, \u003c 7.2.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-18T20:17:08.588Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx" }, { "name": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00032.html" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/" }, { "url": "https://security.netapp.com/advisory/ntap-20231116-0014/" } ], "source": { "advisory": "GHSA-ghmp-889m-7cvx", "discovery": "UNKNOWN" }, "title": "Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window." } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45145", "datePublished": "2023-10-18T20:17:08.588Z", "dateReserved": "2023-10-04T16:02:46.330Z", "dateUpdated": "2024-08-02T20:14:18.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31228
Vulnerability from cvelistv5
Published
2024-10-07 19:51
Modified
2024-10-07 20:20
Severity ?
EPSS score ?
Summary
Denial-of-service due to unbounded pattern matching in Redis
References
▼ | URL | Tags |
---|---|---|
https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976 | x_refsource_CONFIRM | |
https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0 | x_refsource_MISC |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31228", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T20:20:14.689611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T20:20:24.001Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 2.2.5, \u003c 6.2.16" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.2.6" }, { "status": "affected", "version": "\u003e= 7.3.0, \u003c 7.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-674", "description": "CWE-674: Uncontrolled Recursion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-07T19:51:06.784Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-66gq-c942-6976" }, { "name": "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0" } ], "source": { "advisory": "GHSA-66gq-c942-6976", "discovery": "UNKNOWN" }, "title": "Denial-of-service due to unbounded pattern matching in Redis" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31228", "datePublished": "2024-10-07T19:51:06.784Z", "dateReserved": "2024-03-29T14:16:31.902Z", "dateUpdated": "2024-10-07T20:20:24.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32675
Vulnerability from cvelistv5
Published
2021-10-04 17:50
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
DoS vulnerability in Redis
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:31.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003c 5.0.14" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.6" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:35", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47%40%3Cnotifications.geode.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-f6pw-v9gw-v64p", "discovery": "UNKNOWN" }, "title": "DoS vulnerability in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32675", "STATE": "PUBLIC", "TITLE": "DoS vulnerability in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003c 5.0.14" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-770: Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p" }, { "name": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c360f8" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[geode-notifications] 20211013 [GitHub] [geode] jdeppe-pivotal opened a new pull request #6994: GEODE-9676: Limit array and string sizes for unauthenticated Radish connections", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra603ff6e04549d7f290f61f9b11e2d2e4dba693b05ff053f4ec6bc47@%3Cnotifications.geode.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-f6pw-v9gw-v64p", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32675", "datePublished": "2021-10-04T17:50:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:31.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32626
Vulnerability from cvelistv5
Published
2021-10-04 17:30
Modified
2024-08-03 23:25
Severity ?
EPSS score ?
Summary
Lua scripts can overflow the heap-based Lua stack in Redis
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "redis", "vendor": "redis", "versions": [ { "status": "affected", "version": "\u003e= 6.2.0, \u003c 6.2.6" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.0.16" }, { "status": "affected", "version": "\u003e= 2.6.0, \u003c 5.0.14" } ] } ], "descriptions": [ { "lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-29T16:07:36", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591" }, { "name": "FEDORA-2021-8913c7900c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2021/dsa-5001" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202209-17" } ], "source": { "advisory": "GHSA-p486-xggp-782c", "discovery": "UNKNOWN" }, "title": "Lua scripts can overflow the heap-based Lua stack in Redis", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32626", "STATE": "PUBLIC", "TITLE": "Lua scripts can overflow the heap-based Lua stack in Redis" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "redis", "version": { "version_data": [ { "version_value": "\u003e= 6.2.0, \u003c 6.2.6" }, { "version_value": "\u003e= 6.0.0, \u003c 6.0.16" }, { "version_value": "\u003e= 2.6.0, \u003c 5.0.14" } ] } } ] }, "vendor_name": "redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution. This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-122: Heap-based Buffer Overflow" } ] }, { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c", "refsource": "CONFIRM", "url": "https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c" }, { "name": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591", "refsource": "MISC", "url": "https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf591" }, { "name": "FEDORA-2021-8913c7900c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/" }, { "name": "FEDORA-2021-61c487f241", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/" }, { "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E" }, { "name": "FEDORA-2021-aa94492a09", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/" }, { "name": "DSA-5001", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-5001" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "https://security.netapp.com/advisory/ntap-20211104-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211104-0003/" }, { "name": "GLSA-202209-17", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-17" } ] }, "source": { "advisory": "GHSA-p486-xggp-782c", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32626", "datePublished": "2021-10-04T17:30:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8339
Vulnerability from cvelistv5
Published
2016-10-28 14:00
Modified
2024-08-06 02:20
Severity ?
EPSS score ?
Summary
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/93283 | vdb-entry, x_refsource_BID | |
https://security.gentoo.org/glsa/201702-16 | vendor-advisory, x_refsource_GENTOO | |
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977 | x_refsource_MISC | |
http://www.talosintelligence.com/reports/TALOS-2016-0206/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:20:30.582Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "93283", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93283" }, { "name": "GLSA-201702-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-16" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0206/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Redis", "vendor": "Redis", "versions": [ { "status": "affected", "version": "3.2.x prior to 3.2.4" } ] } ], "datePublic": "2016-09-30T00:00:00", "descriptions": [ { "lang": "en", "value": "A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Arbitrary Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T19:16:25", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "93283", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93283" }, { "name": "GLSA-201702-16", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-16" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.talosintelligence.com/reports/TALOS-2016-0206/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "talos-cna@cisco.com", "ID": "CVE-2016-8339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Redis", "version": { "version_data": [ { "version_value": "3.2.x prior to 3.2.4" } ] } } ] }, "vendor_name": "Redis" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution." } ] }, "impact": { "cvss": { "baseScore": 6.6, "baseSeverity": "Medium", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Arbitrary Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "93283", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93283" }, { "name": "GLSA-201702-16", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-16" }, { "name": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977", "refsource": "MISC", "url": "https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977" }, { "name": "http://www.talosintelligence.com/reports/TALOS-2016-0206/", "refsource": "MISC", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0206/" } ] } } } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2016-8339", "datePublished": "2016-10-28T14:00:00", "dateReserved": "2016-09-28T00:00:00", "dateUpdated": "2024-08-06T02:20:30.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }