CVE search results

1 – 10 of 74 results

Detailed view

Sort by:

CVE-2025-46686

Medium priority

Needs evaluation

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the...

1 affected package

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2025-48367

Medium priority

Needs evaluation

Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed...

3 affected packages

redict, redis, valkey

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redict	Not in release	Not in release	—	—
redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
valkey	Needs evaluation	Not in release	—	—

CVE-2025-32023

Medium priority

Needs evaluation

Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write...

3 affected packages

redict, redis, valkey

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redict	Not in release	Not in release	—	—
redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
valkey	Needs evaluation	Not in release	—	—

CVE-2025-49112

Medium priority

Needs evaluation

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

3 affected packages

redict, redis, valkey

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redict	Not in release	Not in release	Not in release	—
redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
valkey	Needs evaluation	Not in release	Not in release	—

CVE-2025-27151

Medium priority

Needs evaluation

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when...

1 affected package

redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2025-21605

Medium priority

Needs evaluation

Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, An unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is...

3 affected packages

redict, redis, valkey

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redict	Not in release	Not in release	Not in release	—
redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
valkey	Needs evaluation	Not in release	Not in release	—

CVE-2024-33452

Medium priority

Needs evaluation

An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.

3 affected packages

lua-nginx-memcached, lua-nginx-redis, lua-nginx-websocket

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lua-nginx-memcached	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lua-nginx-redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
lua-nginx-websocket	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2025-29479

Medium priority

Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

1 affected package

hiredis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
hiredis	Not affected	Not affected	Not affected	Not affected

CVE-2025-29923

Medium priority

Needs evaluation

go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can...

1 affected package

golang-github-go-redis-redis

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-go-redis-redis	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2024-51737

Medium priority

Needs evaluation

RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH...

1 affected package

redisearch

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
redisearch	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports