CVE-2021-41099 | AVG-2438 | High | Yes | Arbitrary code execution | An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code...
CVE-2021-32762 | AVG-2438 | High | Yes | Arbitrary code execution | The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network...
CVE-2021-32761 | AVG-2204 | High | Yes | Arbitrary code execution | A security issue has been found in Redis before version 6.2.5. In 32-bit versions, the Redis BITFIELD command is vulnerable to an integer overflow that can...
CVE-2021-32687 | AVG-2438 | High | Yes | Arbitrary code execution | An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap...
CVE-2021-32675 | AVG-2438 | High | Yes | Denial of service | When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of...
CVE-2021-32672 | AVG-2438 | Low | Yes | Information disclosure | When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This...
CVE-2021-32628 | AVG-2438 | High | Yes | Arbitrary code execution | An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote...
CVE-2021-32627 | AVG-2438 | High | Yes | Arbitrary code execution | An integer overflow bug in Redis 5.0 or newer can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability...
CVE-2021-32626 | AVG-2438 | High | Yes | Arbitrary code execution | Specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can...
CVE-2021-32625 | AVG-2022 | High | Yes | Arbitrary code execution | An integer overflow bug in Redis versions 6.0 up to 6.2.3 can be exploited using the STRALGO LCS command to corrupt the heap and potentially result in...
CVE-2021-29478 | AVG-1909 | High | Yes | Arbitrary code execution | An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and...
CVE-2021-29477 | AVG-1909 | High | Yes | Arbitrary code execution | An integer overflow bug in Redis version 6.0 or newer could be exploited using the "STRALGO LCS" command to corrupt the heap and potentially result with...
CVE-2021-21309 | AVG-1619 | Medium | Yes | Arbitrary code execution | Redis 4.0 or newer uses a configurable limit for the maximum supported bulk input size. By default it is 512MB, which is a safe value for all platforms. On...