pkg:Debian/redis

所有已知漏洞

• CRITICAL10.0CVE-2022-0543⚠ KEVredis - security update
  from 0, < 5:5.0.14-1+deb10u2
• CRITICAL10.0CVE-2022-0543⚠ KEVredis - security update
  from 0, < 5:6.0.16-1+deb11u2
• CRITICAL9.9Redis Lua Use-After-Free may lead to remote code execution
  from 0, < 5:6.0.16-1+deb11u8
• CRITICAL9.8redis-check-aof may lead to stack overflow and potential RCE
  from 0, < 5:7.0.15-1~deb12u5
• CRITICAL9.8redis-check-aof may lead to stack overflow and potential RCE
  from 0, < 5:7.0.15-1~deb12u5
• CRITICAL9.8Redis' Lua library commands may lead to remote code execution
  from 0, < 5:6.0.16-1+deb11u5
• CRITICAL9.8Redis' Lua library commands may lead to remote code execution
  from 0, < 5:7.0.15-1~deb12u3
• CRITICAL9.8Redis' Lua library commands may lead to remote code execution
  from 0, < 5:6.0.16-1+deb11u5
• CRITICAL9.8Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
  from 0, < 5:7.0.5-1
• CRITICAL9.8An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x befo…
  from 0, < 5:4.0.10-1
• CRITICAL9.8redis - security update
  from 0, < 5:4.0.10-1
• CRITICAL9.8redis - security update
  from 0, < 3:3.2.6-3+deb9u1
• CRITICAL9.8redis - security update
  from 0, < 2:2.8.17-1+deb8u6
• CRITICAL9.8The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and app…
  from 0, < 4:4.0.2-5
• CRITICAL9.8A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent.
  from 0, < 3:3.2.4-1
• HIGH8.8redis-server RESTORE invalid memory access may allow remote code execution
  from 0
• HIGH8.8redis-server use-after-free in unblock client flow may allow remote code execution
  from 0
• HIGH8.8Lua library commands may lead to integer overflow and potential RCE
  from 0, < 5:7.0.15-1~deb12u6
• HIGH8.8Lua library commands may lead to integer overflow and potential RCE
  from 0, < 5:6.0.16-1+deb11u8
• HIGH8.8Lua library commands may lead to integer overflow and potential RCE
  from 0, < 5:6.0.16-1+deb11u8
• HIGH8.8Lua library commands may lead to stack overflow and RCE in Redis
  from 0
• HIGH8.8Heap overflow issue with the Lua cjson library used by Redis
  from 0, < 5:6.0.16-1+deb11u3
• HIGH8.8Heap overflow issue with the Lua cjson library used by Redis
  from 0, < 5:6.0.16-1+deb11u3
• HIGH8.8Heap overflow issue with the Lua cjson library used by Redis
  from 0, < 5:7.0.15-1~deb12u1
• HIGH8.8Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
  from 0, < 5:7.0.15-1~deb12u1
• HIGH8.8Potential heap overflow in Redis
  from 0, < 5:7.0.4-1
• HIGH8.8Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
  from 0, < 5:6.0.16-1+deb11u1
• HIGH8.8Lua scripts can overflow the heap-based Lua stack in Redis
  from 0, < 3:3.2.6-3+deb9u8
• HIGH8.8Lua scripts can overflow the heap-based Lua stack in Redis
  from 0, < 5:5.0.14-1+deb10u1
• HIGH8.8Lua scripts can overflow the heap-based Lua stack in Redis
  from 0, < 5:6.0.16-1+deb11u1
• HIGH8.8Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
  from 0, < 5:6.0.14-1
• HIGH8.8Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
  from 0, < 5:6.0.13-1
• HIGH8.8Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
  from 0, < 5:6.0.13-1
• HIGH8.8redis - security update
  from 0, < 5:6.0.11-1
• HIGH8.8redis - security update
  from 0, < 3:3.2.6-3+deb9u4
• HIGH8.4Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to hig…
  from 0, < 5:4.0.10-1
• HIGH8.1redis-server Lua use-after-free may allow remote code execution
  from 0
• HIGH8.1Redis vulnerable to integer overflow in certain payloads
  from 0, < 5:7.0.15-1~deb12u1
• HIGH7.8Redis allows out of bounds writes in hyperloglog commands leading to RCE
  from 0, < 5:6.0.16-1+deb11u7
• HIGH7.8Redis allows out of bounds writes in hyperloglog commands leading to RCE
  from 0, < 5:6.0.16-1+deb11u7
• HIGH7.8Lua scripts can be manipulated to overcome ACL rules in Redis
  from 0
• HIGH7.7redis - security update
  from 0, < 5:6.0.0-1
• HIGH7.7redis - security update
  from 0, < 5:5.0.3-4+deb10u2
• HIGH7.5Malformed Valkey Cluster bus message can lead to Remote DoS
  from 0, < 5:7.0.15-1~deb12u7
• HIGH7.5Redis DoS Vulnerability due to bad connection error handling
  from 0, < 5:6.0.16-1+deb11u7
• HIGH7.5Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
  from 0, < 5:6.0.16-1+deb11u6
• HIGH7.5Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
  from 0, < 5:6.0.16-1+deb11u6
• HIGH7.5Integer overflow issue with strings in Redis
  from 0, < 5:6.0.16-1+deb11u1
• HIGH7.5Integer overflow issue with intsets in Redis
  from 0, < 5:6.0.16-1+deb11u1
• HIGH7.5DoS vulnerability in Redis
  from 0, < 5:6.0.16-1+deb11u1
• HIGH7.5Vulnerability in handling large ziplists
  from 0, < 5:6.0.16-1+deb11u1
• HIGH7.5Integer overflow issue with Streams in Redis
  from 0, < 5:6.0.16-1+deb11u1
• HIGH7.5A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS).
  from 0
• HIGH7.5redis - regression update
  from 0, < 3:3.2.6-3+deb9u5
• HIGH7.5redis - regression update
  from 0, < 5:6.0.15-1
• HIGH7.5redis - regression update
  from 0, < 3:3.2.6-3+deb9u6
• HIGH7.5redis - security update
  from 0, < 2:3.0.5-4
• HIGH7.5redis - security update
  from 0, < 2:2.8.17-1+deb8u3
• HIGH7.4redis - security update
  from 0, < 2:2.4.14-1+deb7u2
• HIGH7.4redis - security update
  from 0, < 3:3.2.7-1
• HIGH7.3Redis: Authenticated users can execute LUA scripts as a different user
  from 0
• HIGH7.2A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5…
  from 0, < 5:5.0.4-1
• HIGH7.2redis - security update
  from 0, < 5:5.0.4-1
• HIGH7.2redis - security update
  from 0, < 2:2.8.17-1+deb8u7
• HIGH7.2redis - security update
  from 0, < 3:3.2.6-3+deb9u3
• HIGH7.1Valkey Affected by RESP Protocol Injection via Lua error_reply
  from 0, < 5:7.0.15-1~deb12u7
• HIGH7.1Redis is vulnerable to DoS via specially crafted LUA scripts
  from 0, < 5:6.0.16-1+deb11u8
• MEDIUM6.5Denial-of-service due to unbounded pattern matching in Redis
  from 0, < 5:6.0.16-1+deb11u4
• MEDIUM6.5`HINCRBYFLOAT` can be used to crash a redis-server process
  from 0, < 5:5.0.14-1+deb10u4
• MEDIUM6.5`HINCRBYFLOAT` can be used to crash a redis-server process
  from 0, < 5:6.0.16-1+deb11u3
• MEDIUM6.5Integer Overflow in several Redis commands can lead to denial of service.
  from 0, < 5:6.0.16-1+deb11u3
• MEDIUM5.9Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifical…
  from 0
• MEDIUM5.5Specially crafted MSETNX command can lead to denial-of-service
  from 0, < 5:7.0.10-1
• MEDIUM5.5Redis string pattern matching can be abused to achieve Denial of Service
  from 0, < 5:5.0.14-1+deb10u3
• MEDIUM5.5Redis string pattern matching can be abused to achieve Denial of Service
  from 0, < 5:6.0.16-1+deb11u3
• MEDIUM5.5Integer overflow in multiple Redis commands can lead to denial-of-service
  from 0, < 5:7.0.8-1
• MEDIUM5.5Integer overflow in certain command arguments can drive Redis to OOM panic
  from 0, < 5:6.0.16-1+deb11u4
• MEDIUM5.5Integer overflow in certain command arguments can drive Redis to OOM panic
  from 0, < 5:6.0.16-1+deb11u4
• MEDIUM5.5A Malformed Lua script can crash Redis
  from 0
• MEDIUM5.5Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
  from 0, < 2:2.6.7-1
• MEDIUM5.5Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
  from 0, < 2:2.6.0-1
• MEDIUM5.5A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitiv…
  from 0, < 3:3.2.5-2
• MEDIUM5.3A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than je…
  from 0, < 5:6.0.9-1
• MEDIUM4.4Redis allows denial-of-service due to malformed ACL selectors
  from 0, < 5:7.0.15-1~deb12u3
• MEDIUM4.4Denial-of-service due to malformed ACL selectors in Redis
  from 0, < 5:7.0.15-1~deb12u2
• MEDIUM4.3Vulnerability in Lua Debugger in Redis
  from 0, < 5:6.0.16-1+deb11u1
• LOW3.6Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
  from 0, < 5:5.0.14-1+deb10u5
• LOW3.6Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
  from 0, < 5:6.0.16-1+deb11u3
• LOW3.5Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user.
  from 0
• LOW3.3Redis SORT_RO may bypass ACL configuration
  from 0, < 5:7.0.15-1~deb12u1
• LOW3.3Redis Crash Report debug.c sigsegvHandler denial of service
  from 0
• LOW3.3redis - security update
  from 0, < 2:2.8.17-1+deb8u5
• LOW3.3redis - security update
  from 0, < 2:2.4.14-1+deb7u1
• LOW3.3redis - security update
  from 0, < 2:3.2.1-4
• LOW3.1setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
  from 0
• —redis - security update
  from 0, < 2:2.8.17-1+deb8u1
• —redis - security update
  from 0, < 2:3.0.2-1