Search criteria
66 vulnerabilities found for redis by redislabs
FKIE_CVE-2020-21468
Vulnerability from fkie_nvd - Published: 2021-09-20 16:15 - Updated: 2024-11-21 05:12
Severity ?
Summary
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://redis.com | Vendor Advisory | |
| cve@mitre.org | https://github.com/antirez/redis/issues/6633 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://redis.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/antirez/redis/issues/6633 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8FAAED39-16B2-4896-9FC2-509A577EC49F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Un fallo de segmentaci\u00f3n en el componente redis-server de Redis 5.0.7 conduce a una denegaci\u00f3n de servicio (DOS). NOTA: el proveedor no puede reproducir este problema en una versi\u00f3n liberada, como la 5.0.7"
}
],
"id": "CVE-2020-21468",
"lastModified": "2024-11-21T05:12:35.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-20T16:15:09.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://redis.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/issues/6633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://redis.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/issues/6633"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32761
Vulnerability from fkie_nvd - Published: 2021-07-21 21:15 - Updated: 2024-11-21 06:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redislabs | redis | * | |
| redislabs | redis | * | |
| redislabs | redis | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F275C0-08C6-4AEE-A42B-03CA75B4B8E1",
"versionEndExcluding": "5.0.13",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72843087-4B95-472F-AE93-F926F0B02862",
"versionEndExcluding": "6.0.15",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3034FA0-1E34-4299-A9AF-7CF9FC7AAB92",
"versionEndExcluding": "6.2.5",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
},
{
"lang": "es",
"value": "Redis es una base de datos en memoria que persiste en el disco. Se presenta una vulnerabilidad que implica una lectura fuera de l\u00edmites y el desbordamiento de enteros a desbordamiento de b\u00fafer a partir de la versi\u00f3n 2.2 y anterior a las versiones 5.0.13, 6.0.15 y 6.2.5. En los sistemas de 32 bits, el comando \"*BIT*\" de Redis es vulnerable al desbordamiento de enteros que puede ser potencialmente explotado para corromper la pila, filtrar contenidos arbitrarios de pila o desencadenar una ejecuci\u00f3n de c\u00f3digo remota . La vulnerabilidad implica cambiar el par\u00e1metro de configuraci\u00f3n \"proto-max-bulk-len\" predeterminado a un valor muy grande y construir comandos de bits especialmente dise\u00f1ados. Este problema s\u00f3lo afecta a Redis en plataformas de 32 bits, o compilado como un binario de 32 bits. Redis versiones 5.0.3m 6.0.15, y 6.2.5 contienen parches para este problema. Una soluci\u00f3n adicional para mitigar el problema sin parchear el ejecutable \"redis-server\" es prevenir que usuarios modifiquen el par\u00e1metro de configuraci\u00f3n \"proto-max-bulk-len\". Esto puede hacerse usando ACL para restringir a usuarios sin privilegios de usar el comando CONFIG SET"
}
],
"id": "CVE-2021-32761",
"lastModified": "2024-11-21T06:07:41.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-21T21:15:07.670",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-17"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-680"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-32625
Vulnerability from fkie_nvd - Published: 2021-06-02 20:15 - Updated: 2024-11-21 06:07
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redislabs | redis | * | |
| redislabs | redis | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:x84:*",
"matchCriteriaId": "920666CD-F874-4640-A155-666D68910632",
"versionEndExcluding": "6.0.14",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:x84:*",
"matchCriteriaId": "A81BCE13-325F-4518-A14E-EC066FA22C76",
"versionEndExcluding": "6.2.4",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
},
{
"lang": "es",
"value": "Redis es un almac\u00e9n de estructuras de datos en memoria de c\u00f3digo abierto (con licencia BSD), utilizado como base de datos, cach\u00e9 y corredor de mensajes. Un error de desbordamiento de enteros en la versi\u00f3n 6.0 o m\u00e1s reciente de Redis, podr\u00eda ser explotado usando el comando STRALGO LCS para corromper la pila y potencialmente resultar en la ejecuci\u00f3n remota de c\u00f3digo. Esto es el resultado de una correcci\u00f3n incompleta de CVE-2021-29477. El problema se ha corregido en las versiones 6.2.4 y 6.0.14. Una soluci\u00f3n adicional para mitigar el problema sin parchear el ejecutable de redis-server es utilizar la configuraci\u00f3n ACL para evitar que los clientes utilicen el comando STRALGO LCS. En los sistemas de 64 bits que tienen las correcciones de CVE-2021-29477 (6.2.3 o 6.0.13), basta con asegurarse de que el par\u00e1metro de configuraci\u00f3n proto-max-bulk-len es menor que 2GB (el valor predeterminado es 512MB)"
}
],
"id": "CVE-2021-32625",
"lastModified": "2024-11-21T06:07:24.280",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T20:15:07.187",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-680"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29477
Vulnerability from fkie_nvd - Published: 2021-05-04 16:15 - Updated: 2024-11-21 06:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redislabs | redis | * | |
| redislabs | redis | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA8BE6C-F067-4CDB-AA28-C105276D210E",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1824F70-1A06-4908-A7A8-A3CDC6B17EB3",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command."
},
{
"lang": "es",
"value": "Redis es una estructura de datos en memoria de c\u00f3digo abierto (con licencia BSD) almacenado, utilizado como base de datos, cach\u00e9 y agente de mensajes.\u0026#xa0;Un bug de desbordamiento de enteros en Redis versi\u00f3n 6.0 o m\u00e1s reciente podr\u00eda ser explotada usando el comando \"STRALGO LCS\" para corromper la pila y potencialmente resultar en una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;El problema se corrigi\u00f3 en las versiones 6.2.3 y 6.0.13.\u0026#xa0;Una soluci\u00f3n alternativa para mitigar el problema sin parchear el ejecutable redis-server es usar la configuraci\u00f3n de ACL para impedir que los clientes usen el comando \"STRALGO LCS\""
}
],
"id": "CVE-2021-29477",
"lastModified": "2024-11-21T06:01:13.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-04T16:15:07.910",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://redis.io/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://redis.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-29478
Vulnerability from fkie_nvd - Published: 2021-05-04 16:15 - Updated: 2024-11-21 06:01
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redislabs | redis | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1824F70-1A06-4908-A7A8-A3CDC6B17EB3",
"versionEndExcluding": "6.2.3",
"versionStartIncluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command."
},
{
"lang": "es",
"value": "Redis es una estructura de datos en memoria de c\u00f3digo abierto (con licencia BSD) almacenado, utilizado como base de datos, cach\u00e9 y agente de mensajes.\u0026#xa0;Un bug de desbordamiento de enteros en Redis versiones 6.2 anteriores a 6.2.3, podr\u00eda ser explotada para corromper la pila y potencialmente resultar en una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;Redis versiones 6.0 y anteriores no est\u00e1n directamente afectadas por este problema.\u0026#xa0;El problema es corregido en la versi\u00f3n 6.2.3.\u0026#xa0;Una soluci\u00f3n alternativa para mitigar el problema sin parchear el ejecutable \"redis-server\" es impedir que los usuarios modifiquen el par\u00e1metro de configuraci\u00f3n \"set-max-intset-entries\".\u0026#xa0;Esto puede realizarse usando la ACL para restringir que los usuarios no privilegiados usen el comando \"CONFIG SET\""
}
],
"id": "CVE-2021-29478",
"lastModified": "2024-11-21T06:01:13.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-04T16:15:07.953",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://redis.io/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://redis.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-3470
Vulnerability from fkie_nvd - Published: 2021-03-31 14:15 - Updated: 2024-11-21 06:21
Severity ?
Summary
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1943623 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1943623 | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5016C2D8-D4B2-414C-802F-7BDD3F7D3EA0",
"versionEndExcluding": "5.0.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9C8D2F-1A31-4590-8D0A-649F12BE0F12",
"versionEndExcluding": "6.0.9",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:6.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "29F3AA59-B998-425A-B8F3-D5D1E3EC6040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:6.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5D60A9F7-0EC8-415C-ABB7-9A997C72EEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:6.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "1E0C28B7-B676-4F58-89F2-91163181D15B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc\u0027s malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema de desbordamiento de pila en Redis en las versiones anteriores a 5.0.10, versiones anteriores a 6.0.9 y versiones anteriores a 6.2.0, cuando se usaba un asignador de pila que no fuera jemalloc o malloc de glibc, conllevando a un posible bloqueo del proceso o de escritura fuera de l\u00edmites.\u0026#xa0;Efectivamente, este fallo no afecta a la gran mayor\u00eda de usuarios que usan jemalloc o glibc malloc."
}
],
"id": "CVE-2021-3470",
"lastModified": "2024-11-21T06:21:37.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-31T14:15:20.937",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-21309
Vulnerability from fkie_nvd - Published: 2021-02-26 22:15 - Updated: 2024-11-21 05:47
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/redis/redis/pull/8522 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf | Third Party Advisory | |
| security-advisories@github.com | https://security.gentoo.org/glsa/202103-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redis/redis/pull/8522 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202103-02 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "366C8910-66E7-4AB6-873C-70595AD42ADA",
"versionEndExcluding": "5.0.11",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C345BCBB-EB73-4DA5-93F0-42AB9E903CE5",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways."
},
{
"lang": "es",
"value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco.\u0026#xa0;En las versiones afectadas de Redis, un error de desbordamiento de enteros en Redis de 32 bits versi\u00f3n 4.0 o m\u00e1s reciente podr\u00eda ser explotada para corromper la pila y potencialmente resultar en una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;Redis versiones 4.0 o posteriores, usa un l\u00edmite configurable para el tama\u00f1o m\u00e1ximo de la entrada masiva admitida.\u0026#xa0;Por defecto, es de 512 MB, que es un valor seguro para todas las plataformas.\u0026#xa0;Si el l\u00edmite aumenta significativamente, recibir una petici\u00f3n grande de un cliente puede desencadenar varios escenarios de desbordamiento de enteros, que podr\u00eda resultar en un desbordamiento del b\u00fafer y una corrupci\u00f3n de la pila.\u0026#xa0;Creemos que, en determinadas condiciones, esta podr\u00eda ser explotada para una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;Por defecto, usuarios de Redis autenticados poseen acceso a todos los par\u00e1metros de configuraci\u00f3n y, por lo tanto, pueden usar \"CONFIG SET proto-max-bulk-len\" para cambiar el valor predeterminado seguro,\u0026#xa0;haciendo que el sistema sea vulnerable.** Este problema solo afecta a Redis de 32 bits (en un sistema de 32 bits o como un ejecutable de 32 bits que se ejecuta en un sistema de 64 bits). ** El problema se corrigi\u00f3 en la versi\u00f3n 6.2 y la soluci\u00f3n se ha modificado a versiones 6.0.11 y 5.0.11.\u0026#xa0;Aseg\u00farese de usar una de estas versiones si est\u00e1 ejecutando Redis de 32 bits.\u0026#xa0;Una soluci\u00f3n alternativa para mitigar el problema sin parchear el ejecutable de redis-server es impedir que los clientes ejecuten directamente `CONFIG SET`: Con Redis versiones 6.0 o m\u00e1s recientes, la configuraci\u00f3n de ACL puede ser usada para bloquear el comando.\u0026#xa0;Utilizando versiones anteriores, la directiva de configuraci\u00f3n \"rename-command\" puede ser usada para cambiar el nombre del comando a una cadena aleatoria desconocida para usuarios, haci\u00e9ndolo inaccesible.\u0026#xa0;Tome en cuenta que esta soluci\u00f3n puede tener un impacto adicional en los usuarios o los sistemas operativos que esperan que \"CONFIG SET\" se comporte de determinadas formas"
}
],
"id": "CVE-2021-21309",
"lastModified": "2024-11-21T05:47:59.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-26T22:15:19.457",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/pull/8522"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/pull/8522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202103-02"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-14147
Vulnerability from fkie_nvd - Published: 2020-06-15 18:15 - Updated: 2024-11-21 05:02
Severity ?
Summary
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redislabs | redis | * | |
| redislabs | redis | * | |
| oracle | communications_operations_monitor | 3.4 | |
| oracle | communications_operations_monitor | 4.1 | |
| oracle | communications_operations_monitor | 4.2 | |
| oracle | communications_operations_monitor | 4.3 | |
| suse | linux_enterprise | 12.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DB17EB-A894-4DF8-BF74-C9514C05E0DB",
"versionEndExcluding": "5.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4050F12D-ECAE-47FD-A9DF-D63DC8591A9B",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF30C76E-7E58-4D76-89A8-53405685DA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC8B78D-1131-4F21-919D-8AC79A410FB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en la funci\u00f3n getnum en el archivo lua_struct.c en Redis versiones anteriores a 6.0.3, permite a atacantes dependiendo del contexto, con permiso para ejecutar el c\u00f3digo Lua en una sesi\u00f3n de Redis, causar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria y bloqueo de la aplicaci\u00f3n) o posiblemente omitir las restricciones del sandbox previstas por medio de un n\u00famero grande, lo que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n stack de la pila. NOTA: este problema se presenta debido a una regresi\u00f3n de CVE-2015-8080"
}
],
"id": "CVE-2020-14147",
"lastModified": "2024-11-21T05:02:44.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-15T18:15:14.990",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0178
Vulnerability from fkie_nvd - Published: 2019-11-01 19:15 - Updated: 2024-11-21 01:47
Severity ?
Summary
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6FE7F5D-2547-4377-9043-72DE4B55E170",
"versionEndExcluding": "2.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm."
},
{
"lang": "es",
"value": "Una vulnerabilidad de archivo temporal no seguro en Redis versiones anteriores a 2.6, relacionada con el archivo /tmp/redis-%p.vm."
}
],
"id": "CVE-2013-0178",
"lastModified": "2024-11-21T01:47:00.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-01T19:15:10.777",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0178"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81329"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0178"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0180
Vulnerability from fkie_nvd - Published: 2019-11-01 19:15 - Updated: 2024-11-21 01:47
Severity ?
Summary
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.openwall.com/lists/oss-security/2013/01/14/7 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=894659 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2013/01/14/7 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=894659 | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redislabs:redis:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA4D458-D105-4D92-BAC0-6F0C96CBBDFE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds."
},
{
"lang": "es",
"value": "Una vulnerabilidad de archivo temporal no seguro en Redis versi\u00f3n 2.6, relacionada con el archivo /tmp/redis.ds."
}
],
"id": "CVE-2013-0180",
"lastModified": "2024-11-21T01:47:00.593",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-01T19:15:10.837",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-21468 (GCVE-0-2020-21468)
Vulnerability from cvelistv5 – Published: 2021-09-20 15:11 – Updated: 2024-08-04 14:30 Disputed
VLAI?
Summary
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-21468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:23:43.744637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:23:54.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:30:33.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/issues/6633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T12:48:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/issues/6633"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://redis.com",
"refsource": "MISC",
"url": "http://redis.com"
},
{
"name": "https://github.com/antirez/redis/issues/6633",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/issues/6633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21468",
"datePublished": "2021-09-20T15:11:37",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:30:33.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32761 (GCVE-0-2021-32761)
Vulnerability from cvelistv5 – Published: 2021-07-21 20:50 – Updated: 2024-08-03 23:33
VLAI?
Title
Integer overflow issues with *BIT commands on 32-bit systems
Summary
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"name": "FEDORA-2021-10d54c261f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"name": "FEDORA-2021-76cf1653b3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2, \u003c 5.0.13"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.15"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:29",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"name": "FEDORA-2021-10d54c261f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"name": "FEDORA-2021-76cf1653b3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-8wxq-j7rp-g8wj",
"discovery": "UNKNOWN"
},
"title": "Integer overflow issues with *BIT commands on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32761",
"STATE": "PUBLIC",
"TITLE": "Integer overflow issues with *BIT commands on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.2, \u003c 5.0.13"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.15"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.5"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"name": "FEDORA-2021-10d54c261f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"name": "FEDORA-2021-76cf1653b3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210827-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-8wxq-j7rp-g8wj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32761",
"datePublished": "2021-07-21T20:50:09",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32625 (GCVE-0-2021-32625)
Vulnerability from cvelistv5 – Published: 2021-06-02 19:35 – Updated: 2024-08-03 23:25
VLAI?
Title
Redis vulnerability in STRALGO LCS on 32-bit systems
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
Severity ?
7.5 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:23:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"source": {
"advisory": "GHSA-46cp-x4x9-6pfq",
"discovery": "UNKNOWN"
},
"title": "Redis vulnerability in STRALGO LCS on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32625",
"STATE": "PUBLIC",
"TITLE": "Redis vulnerability in STRALGO LCS on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 6.0.14"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.4"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.0.14",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.4",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
]
},
"source": {
"advisory": "GHSA-46cp-x4x9-6pfq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32625",
"datePublished": "2021-06-02T19:35:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29478 (GCVE-0-2021-29478)
Vulnerability from cvelistv5 – Published: 2021-05-04 16:00 – Updated: 2024-08-03 22:11
VLAI?
Title
Vulnerability in the COPY command for large intsets
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redis.io/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T08:06:21",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redis.io/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"source": {
"advisory": "GHSA-qh52-crrg-44g3",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in the COPY command for large intsets",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29478",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in the COPY command for large intsets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.3"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redis.io/",
"refsource": "MISC",
"url": "https://redis.io/"
},
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"name": "FEDORA-2021-3b267a756c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "GLSA-202107-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-20"
}
]
},
"source": {
"advisory": "GHSA-qh52-crrg-44g3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29478",
"datePublished": "2021-05-04T16:00:23",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:05.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29477 (GCVE-0-2021-29477)
Vulnerability from cvelistv5 – Published: 2021-05-04 15:15 – Updated: 2024-08-03 22:11
VLAI?
Title
Vulnerability in the STRALGO LCS command
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redis.io/"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.3"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T08:06:23",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redis.io/"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"source": {
"advisory": "GHSA-vqxj-26vj-996g",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in the STRALGO LCS command",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29477",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in the STRALGO LCS command"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.3"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.13"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"name": "https://redis.io/",
"refsource": "MISC",
"url": "https://redis.io/"
},
{
"name": "FEDORA-2021-3b267a756c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "FEDORA-2021-916f861096",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"name": "GLSA-202107-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-20"
}
]
},
"source": {
"advisory": "GHSA-vqxj-26vj-996g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29477",
"datePublished": "2021-05-04T15:15:17",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:05.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3470 (GCVE-0-2021-3470)
Vulnerability from cvelistv5 – Published: 2021-03-31 13:44 – Updated: 2024-08-03 16:53
VLAI?
Summary
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "redis 5.0.10, redis 6.0.9, redis 6.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc\u0027s malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-31T13:44:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "redis 5.0.10, redis 6.0.9, redis 6.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc\u0027s malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3470",
"datePublished": "2021-03-31T13:44:13",
"dateReserved": "2021-03-26T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21309 (GCVE-0-2021-21309)
Vulnerability from cvelistv5 – Published: 2021-02-26 21:50 – Updated: 2024-08-03 18:09
VLAI?
Title
Integer overflow on 32-bit systems
Summary
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.
Severity ?
5.4 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/pull/8522"
},
{
"name": "GLSA-202103-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202103-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-31T13:06:22",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/pull/8522"
},
{
"name": "GLSA-202103-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202103-02"
}
],
"source": {
"advisory": "GHSA-hgj8-vff2-7cjf",
"discovery": "UNKNOWN"
},
"title": "Integer overflow on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21309",
"STATE": "PUBLIC",
"TITLE": "Integer overflow on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.11"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"name": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"name": "https://github.com/redis/redis/pull/8522",
"refsource": "MISC",
"url": "https://github.com/redis/redis/pull/8522"
},
{
"name": "GLSA-202103-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202103-02"
}
]
},
"source": {
"advisory": "GHSA-hgj8-vff2-7cjf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21309",
"datePublished": "2021-02-26T21:50:16",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14147 (GCVE-0-2020-14147)
Vulnerability from cvelistv5 – Published: 2020-06-15 16:52 – Updated: 2024-08-04 12:39
VLAI?
Summary
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/antirez/redis/pull/6875",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14147",
"datePublished": "2020-06-15T16:52:45",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0180 (GCVE-0-2013-0180)
Vulnerability from cvelistv5 – Published: 2019-11-01 18:25 – Updated: 2024-08-06 14:18
VLAI?
Summary
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Redis Labs | Redis |
Affected:
2.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130114 Re: CVE Request -- redis: Two insecure temporary file use flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redis",
"vendor": "Redis Labs",
"versions": [
{
"status": "affected",
"version": "2.6"
}
]
}
],
"datePublic": "2013-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T18:25:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130114 Re: CVE Request -- redis: Two insecure temporary file use flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redis",
"version": {
"version_data": [
{
"version_value": "2.6"
}
]
}
}
]
},
"vendor_name": "Redis Labs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130114 Re: CVE Request -- redis: Two insecure temporary file use flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=894659",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0180",
"datePublished": "2019-11-01T18:25:30",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0178 (GCVE-0-2013-0178)
Vulnerability from cvelistv5 – Published: 2019-11-01 18:25 – Updated: 2024-08-06 14:18
VLAI?
Summary
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Redis Labs | Redis |
Affected:
before 2.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redis",
"vendor": "Redis Labs",
"versions": [
{
"status": "affected",
"version": "before 2.6"
}
]
}
],
"datePublic": "2013-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T18:25:27",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0178",
"datePublished": "2019-11-01T18:25:27",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-21468 (GCVE-0-2020-21468)
Vulnerability from nvd – Published: 2021-09-20 15:11 – Updated: 2024-08-04 14:30 Disputed
VLAI?
Summary
A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-21468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:23:43.744637Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:23:54.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:30:33.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://redis.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/issues/6633"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-27T12:48:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://redis.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/issues/6633"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-21468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://redis.com",
"refsource": "MISC",
"url": "http://redis.com"
},
{
"name": "https://github.com/antirez/redis/issues/6633",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/issues/6633"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-21468",
"datePublished": "2021-09-20T15:11:37",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:30:33.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32761 (GCVE-0-2021-32761)
Vulnerability from nvd – Published: 2021-07-21 20:50 – Updated: 2024-08-03 23:33
VLAI?
Title
Integer overflow issues with *BIT commands on 32-bit systems
Summary
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:55.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"name": "FEDORA-2021-10d54c261f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"name": "FEDORA-2021-76cf1653b3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2, \u003c 5.0.13"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.15"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:29",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"name": "FEDORA-2021-10d54c261f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"name": "FEDORA-2021-76cf1653b3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"name": "DSA-5001",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "GLSA-202209-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-17"
}
],
"source": {
"advisory": "GHSA-8wxq-j7rp-g8wj",
"discovery": "UNKNOWN"
},
"title": "Integer overflow issues with *BIT commands on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32761",
"STATE": "PUBLIC",
"TITLE": "Integer overflow issues with *BIT commands on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.2, \u003c 5.0.13"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.15"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.5"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` command are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted commands bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.`3m 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj"
},
{
"name": "[debian-lts-announce] 20210722 [SECURITY] [DLA 2717-1] redis security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00017.html"
},
{
"name": "FEDORA-2021-10d54c261f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGX7RRAWGXWXEAKJTQYSDSBO2BC3SAHD/"
},
{
"name": "FEDORA-2021-76cf1653b3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6O7AUOROBYGP5IMGJPC5HZ3R2RB6GZ5X/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210827-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210827-0004/"
},
{
"name": "[debian-lts-announce] 20210827 [SECURITY] [DLA 2717-2] redis security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00026.html"
},
{
"name": "DSA-5001",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5001"
},
{
"name": "GLSA-202209-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-17"
}
]
},
"source": {
"advisory": "GHSA-8wxq-j7rp-g8wj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32761",
"datePublished": "2021-07-21T20:50:09",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:33:55.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32625 (GCVE-0-2021-32625)
Vulnerability from nvd – Published: 2021-06-02 19:35 – Updated: 2024-08-03 23:25
VLAI?
Title
Redis vulnerability in STRALGO LCS on 32-bit systems
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).
Severity ?
7.5 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.14"
},
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680: Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-04T18:23:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
],
"source": {
"advisory": "GHSA-46cp-x4x9-6pfq",
"discovery": "UNKNOWN"
},
"title": "Redis vulnerability in STRALGO LCS on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32625",
"STATE": "PUBLIC",
"TITLE": "Redis vulnerability in STRALGO LCS on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 6.0.14"
},
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.4"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-680: Integer Overflow to Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.0.14",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.0.14"
},
{
"name": "https://github.com/redis/redis/releases/tag/6.2.4",
"refsource": "MISC",
"url": "https://github.com/redis/redis/releases/tag/6.2.4"
},
{
"name": "FEDORA-2021-916f861096",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
}
]
},
"source": {
"advisory": "GHSA-46cp-x4x9-6pfq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32625",
"datePublished": "2021-06-02T19:35:11",
"dateReserved": "2021-05-12T00:00:00",
"dateUpdated": "2024-08-03T23:25:30.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29478 (GCVE-0-2021-29478)
Vulnerability from nvd – Published: 2021-05-04 16:00 – Updated: 2024-08-03 22:11
VLAI?
Title
Vulnerability in the COPY command for large intsets
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redis.io/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T08:06:21",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redis.io/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"source": {
"advisory": "GHSA-qh52-crrg-44g3",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in the COPY command for large intsets",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29478",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in the COPY command for large intsets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.3"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redis.io/",
"refsource": "MISC",
"url": "https://redis.io/"
},
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3"
},
{
"name": "FEDORA-2021-3b267a756c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "GLSA-202107-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-20"
}
]
},
"source": {
"advisory": "GHSA-qh52-crrg-44g3",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29478",
"datePublished": "2021-05-04T16:00:23",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:05.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-29477 (GCVE-0-2021-29477)
Vulnerability from nvd – Published: 2021-05-04 15:15 – Updated: 2024-08-03 22:11
VLAI?
Title
Vulnerability in the STRALGO LCS command
Summary
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:11:05.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://redis.io/"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003e= 6.2.0, \u003c 6.2.3"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T08:06:23",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://redis.io/"
},
{
"name": "FEDORA-2021-3b267a756c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "FEDORA-2021-916f861096",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"name": "GLSA-202107-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-20"
}
],
"source": {
"advisory": "GHSA-vqxj-26vj-996g",
"discovery": "UNKNOWN"
},
"title": "Vulnerability in the STRALGO LCS command",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-29477",
"STATE": "PUBLIC",
"TITLE": "Vulnerability in the STRALGO LCS command"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2.0, \u003c 6.2.3"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.13"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-vqxj-26vj-996g"
},
{
"name": "https://redis.io/",
"refsource": "MISC",
"url": "https://redis.io/"
},
{
"name": "FEDORA-2021-3b267a756c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/"
},
{
"name": "FEDORA-2021-8b19c99d6a",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/"
},
{
"name": "FEDORA-2021-916f861096",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHWOF7CBVUGDK3AN6H3BN3VNTH2TDUZZ/"
},
{
"name": "FEDORA-2021-0ad4bec5b1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN7INTZFE34MIQJO7WDDTIY5LIBGN6GI/"
},
{
"name": "GLSA-202107-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-20"
}
]
},
"source": {
"advisory": "GHSA-vqxj-26vj-996g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-29477",
"datePublished": "2021-05-04T15:15:17",
"dateReserved": "2021-03-30T00:00:00",
"dateUpdated": "2024-08-03T22:11:05.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3470 (GCVE-0-2021-3470)
Vulnerability from nvd – Published: 2021-03-31 13:44 – Updated: 2024-08-03 16:53
VLAI?
Summary
A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:53:17.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "redis 5.0.10, redis 6.0.9, redis 6.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc\u0027s malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-31T13:44:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-3470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "redis 5.0.10, redis 6.0.9, redis 6.2.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc\u0027s malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1943623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3470",
"datePublished": "2021-03-31T13:44:13",
"dateReserved": "2021-03-26T00:00:00",
"dateUpdated": "2024-08-03T16:53:17.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21309 (GCVE-0-2021-21309)
Vulnerability from nvd – Published: 2021-02-26 21:50 – Updated: 2024-08-03 18:09
VLAI?
Title
Integer overflow on 32-bit systems
Summary
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the “CONFIG SET proto-max-bulk-len” to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways.
Severity ?
5.4 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/redis/redis/pull/8522"
},
{
"name": "GLSA-202103-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202103-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "redis",
"vendor": "redis",
"versions": [
{
"status": "affected",
"version": "\u003c 5.0.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.0.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-31T13:06:22",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/redis/redis/pull/8522"
},
{
"name": "GLSA-202103-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202103-02"
}
],
"source": {
"advisory": "GHSA-hgj8-vff2-7cjf",
"discovery": "UNKNOWN"
},
"title": "Integer overflow on 32-bit systems",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21309",
"STATE": "PUBLIC",
"TITLE": "Integer overflow on 32-bit systems"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "redis",
"version": {
"version_data": [
{
"version_value": "\u003c 5.0.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 6.0.11"
}
]
}
}
]
},
"vendor_name": "redis"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default, it is 512MB which is a safe value for all platforms. If the limit is significantly increased, receiving a large request from a client may trigger several integer overflow scenarios, which would result with buffer overflow and heap corruption. We believe this could in certain conditions be exploited for remote code execution. By default, authenticated Redis users have access to all configuration parameters and can therefore use the \u201cCONFIG SET proto-max-bulk-len\u201d to change the safe default, making the system vulnerable. **This problem only affects 32-bit Redis (on a 32-bit system, or as a 32-bit executable running on a 64-bit system).** The problem is fixed in version 6.2, and the fix is back ported to 6.0.11 and 5.0.11. Make sure you use one of these versions if you are running 32-bit Redis. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent clients from directly executing `CONFIG SET`: Using Redis 6.0 or newer, ACL configuration can be used to block the command. Using older versions, the `rename-command` configuration directive can be used to rename the command to a random string unknown to users, rendering it inaccessible. Please note that this workaround may have an additional impact on users or operational systems that expect `CONFIG SET` to behave in certain ways."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf",
"refsource": "CONFIRM",
"url": "https://github.com/redis/redis/security/advisories/GHSA-hgj8-vff2-7cjf"
},
{
"name": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0",
"refsource": "MISC",
"url": "https://github.com/redis/redis/commit/c992857618db99776917f10bf4f2345a5fdc78b0"
},
{
"name": "https://github.com/redis/redis/pull/8522",
"refsource": "MISC",
"url": "https://github.com/redis/redis/pull/8522"
},
{
"name": "GLSA-202103-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202103-02"
}
]
},
"source": {
"advisory": "GHSA-hgj8-vff2-7cjf",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21309",
"datePublished": "2021-02-26T21:50:16",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14147 (GCVE-0-2020-14147)
Vulnerability from nvd – Published: 2020-06-15 16:52 – Updated: 2024-08-04 12:39
VLAI?
Summary
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:35.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/antirez/redis/pull/6875",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/pull/6875"
},
{
"name": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571"
},
{
"name": "DSA-4731",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4731"
},
{
"name": "openSUSE-SU-2020:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00058.html"
},
{
"name": "GLSA-202008-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202008-17"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14147",
"datePublished": "2020-06-15T16:52:45",
"dateReserved": "2020-06-15T00:00:00",
"dateUpdated": "2024-08-04T12:39:35.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0180 (GCVE-0-2013-0180)
Vulnerability from nvd – Published: 2019-11-01 18:25 – Updated: 2024-08-06 14:18
VLAI?
Summary
Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Redis Labs | Redis |
Affected:
2.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130114 Re: CVE Request -- redis: Two insecure temporary file use flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redis",
"vendor": "Redis Labs",
"versions": [
{
"status": "affected",
"version": "2.6"
}
]
}
],
"datePublic": "2013-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T18:25:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20130114 Re: CVE Request -- redis: Two insecure temporary file use flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Redis",
"version": {
"version_data": [
{
"version_value": "2.6"
}
]
}
}
]
},
"vendor_name": "Redis Labs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130114 Re: CVE Request -- redis: Two insecure temporary file use flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=894659",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0180",
"datePublished": "2019-11-01T18:25:30",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0178 (GCVE-0-2013-0178)
Vulnerability from nvd – Published: 2019-11-01 18:25 – Updated: 2024-08-06 14:18
VLAI?
Summary
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Redis Labs | Redis |
Affected:
before 2.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redis",
"vendor": "Redis Labs",
"versions": [
{
"status": "affected",
"version": "before 2.6"
}
]
}
],
"datePublic": "2013-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-01T18:25:27",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0178"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/14/7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/antirez/redis/commit/697af434fbeb2e3ba2ba9687cd283ed1a2734fa5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0178",
"datePublished": "2019-11-01T18:25:27",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}