| CVE-2021-41099 |
High |
Yes |
Arbitrary code execution |
An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code... |
| CVE-2021-32762 |
High |
Yes |
Arbitrary code execution |
The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network... |
| CVE-2021-32687 |
High |
Yes |
Arbitrary code execution |
An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap... |
| CVE-2021-32675 |
High |
Yes |
Denial of service |
When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of... |
| CVE-2021-32672 |
Low |
Yes |
Information disclosure |
When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This... |
| CVE-2021-32628 |
High |
Yes |
Arbitrary code execution |
An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote... |
| CVE-2021-32627 |
High |
Yes |
Arbitrary code execution |
An integer overflow bug in Redis 5.0 or newer can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability... |
| CVE-2021-32626 |
High |
Yes |
Arbitrary code execution |
Specially crafted Lua scripts executing in Redis can cause the heap- based Lua stack to be overflowed, due to incomplete checks for this condition. This can... |