Ozan Tezcan

6 exploits Active since Apr 2024
CVE-2024-25115 WRITEUP HIGH WRITEUP
RedisBloom 2.0.0-2.4.6 and 2.5.0-2.6.9 - Authenticated Heap Overflow via CF.LOADCHUNK Command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS 7.0
CVE-2024-25116 WRITEUP MEDIUM WRITEUP
RedisBloom 2.0.0-2.4.6 and 2.5.0-2.6.9 - Authenticated Denial of Service via CF.RESERVE Command
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS 5.5
CVE-2025-46817 WRITEUP HIGH WRITEUP
Redis < 6.2.20 - Authenticated Remote Code Execution via Lua Script Integer Overflow
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
CVSS 7.0
CVE-2025-46818 WRITEUP MEDIUM WRITEUP
Redis < 6.2.20 - Authenticated Code Injection via Lua Script Manipulation
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
CVSS 6.0
CVE-2025-46819 WRITEUP MEDIUM WRITEUP
Redis < 6.2.20 - Authenticated Denial of Service via Lua Script
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
CVSS 6.3
CVE-2025-48367 WRITEUP HIGH WRITEUP
Redis < 6.2.19 - Unauthenticated Denial of Service via IP Protocol Error Flood
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
CVSS 7.5