Redis Labs Redis 1.3.12

CPE Details

Redis Labs Redis 1.3.12
redislabs
redis
1.3.12
2018-08-07
15h13 +00:00
2018-08-07
15h13 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:redislabs:redis:1.3.12:*:*:*:*:*:*:*

Informations

Vendor

redislabs

Product

redis

Version

1.3.12

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-3470 2021-03-31 11h44 +00:00 A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.
5.3
Moyen
CVE-2020-14147 2020-06-15 14h52 +00:00 An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
7.7
Haute
CVE-2013-0178 2019-11-01 17h25 +00:00 Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
5.5
Moyen
CVE-2018-11218 2018-06-17 15h00 +00:00 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
9.8
Critique
CVE-2018-11219 2018-06-17 15h00 +00:00 An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
9.8
Critique
CVE-2018-12326 2018-06-17 12h00 +00:00 Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
8.4
Haute
CVE-2018-12453 2018-06-16 15h00 +00:00 Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
7.5
Haute
CVE-2016-10517 2017-10-24 16h00 +00:00 networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).
7.4
Haute
CVE-2013-7458 2016-08-10 12h00 +00:00 linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive information by reading the file.
3.3
Bas
CVE-2015-4335 2015-06-09 12h00 +00:00 Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
10
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.