Redis
Products by Redis Sorted by Most Security Vulnerabilities since 2018
Known Exploited Redis Vulnerabilities
The following Redis vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Debian-specific Redis Server Lua Sandbox Escape Vulnerability | Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. CVE-2022-0543 | March 28, 2022 |
By the Year
In 2024 there have been 2 vulnerabilities in Redis with an average score of 9.0 out of ten. Last year Redis had 14 security vulnerabilities published. Right now, Redis is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 3.01.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 2 | 8.95 |
| 2023 | 14 | 5.94 |
| 2022 | 8 | 7.81 |
| 2021 | 9 | 7.58 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Redis vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Redis Security Vulnerabilities
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation
CVE-2023-31654
9.8 - Critical
- January 23, 2024
Redis raft master-1b8bd86 to master-7b46079 was discovered to contain an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c.
Redis is an in-memory database that persists on disk
CVE-2023-41056
8.1 - High
- January 10, 2024
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Integer Overflow or Wraparound
Redis is an in-memory database that persists on disk
CVE-2023-45145
3.6 - Low
- October 18, 2023
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Exposure of Resource to Wrong Sphere
Redis is an in-memory database that persists on disk
CVE-2023-41053
3.3 - Low
- September 06, 2023
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Improper Privilege Management
Redis before 6cbea7d
CVE-2021-31294
5.9 - Medium
- July 15, 2023
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
assertion failure
Redis is an in-memory database that persists on disk
CVE-2022-24834
8.8 - High
- July 13, 2023
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Heap-based Buffer Overflow
Redis is an in-memory database that persists on disk
CVE-2023-36824
8.8 - High
- July 11, 2023
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.
Heap-based Buffer Overflow
redis v7.0.10 was discovered to contain a segmentation violation
CVE-2023-31655
7.5 - High
- May 18, 2023
redis v7.0.10 was discovered to contain a segmentation violation. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Redis is an open source, in-memory database that persists on disk
CVE-2023-28856
6.5 - Medium
- April 18, 2023
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
assertion failure
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after
CVE-2023-28859
6.5 - Medium
- March 26, 2023
redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.
Insufficient Cleanup
redis-py before 4.5.3 leaves a connection open after
CVE-2023-28858
3.7 - Low
- March 26, 2023
redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.
off-by-five
Redis is an in-memory database that persists on disk
CVE-2023-28425
5.5 - Medium
- March 20, 2023
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.
Command Injection
Redis is an in-memory database that persists on disk
CVE-2023-25155
6.5 - Medium
- March 02, 2023
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
Integer Overflow or Wraparound
Redis is an in-memory database that persists on disk
CVE-2022-36021
5.5 - Medium
- March 01, 2023
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Inefficient Algorithmic Complexity
Redis is an in-memory database that persists on disk
CVE-2022-35977
5.5 - Medium
- January 20, 2023
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Integer Overflow or Wraparound
Redis is an in-memory database that persists on disk
CVE-2023-22458
5.5 - Medium
- January 20, 2023
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Integer Overflow or Wraparound
A vulnerability was found in a port or fork of Redis
CVE-2022-3734
9.8 - Critical
- October 28, 2022
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
Untrusted Path
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5
CVE-2022-3647
3.3 - Low
- October 21, 2022
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.
Improper Resource Shutdown or Release
Redis is an in-memory database that persists on disk
CVE-2022-35951
9.8 - Critical
- September 23, 2022
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.
Integer Overflow or Wraparound
Redis is an in-memory database that persists on disk
CVE-2022-31144
8.8 - High
- July 19, 2022
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.
Heap-based Buffer Overflow