Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Redis

Source -

CISACNA

BOS Name -

Redis Inc.

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

1

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-46686
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.03% / 6.00%
||
7 Day CHG-0.01%
Published-23 Jul, 2025 | 00:00
Updated-26 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.

Action-Not Available
Vendor-Redis Inc.
Product-Redis
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2022-0543
Assigner-Debian GNU/Linux
ShareView Details
Assigner-Debian GNU/Linux
CVSS Score-10||CRITICAL
EPSS-94.38% / 99.97%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 19:25
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Action-Not Available
Vendor-Canonical Ltd.Redis Inc.Debian GNU/Linux
Product-redisdebian_linuxubuntu_linuxredisDebian-specific Redis Servers
CWE ID-CWE-862
Missing Authorization
CVE-2016-8339
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-6.6||MEDIUM
EPSS-2.49% / 84.70%
||
7 Day CHG~0.00%
Published-28 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

Action-Not Available
Vendor-Redis Inc.
Product-redisRedis
CWE ID-CWE-787
Out-of-bounds Write