antirez

8 exploits, active since Dec 2000
CVE-2018-11218 WRITEUP CRITICAL WRITEUP
Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Memory Corruption via Lua cmsgpack Library
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVSS 9.8
CVE-2018-11218 WRITEUP CRITICAL WRITEUP
Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Memory Corruption via Lua cmsgpack Library
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVSS 9.8
CVE-2018-11219 WRITEUP CRITICAL WRITEUP
Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Integer Overflow in Lua Struct Library
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVSS 9.8
CVE-2018-12326 WRITEUP HIGH WRITEUP
Redis < 4.0.10, 5.x < 5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS 8.4
CVE-2013-0178 WRITEUP MEDIUM WRITEUP
Redis < 2.6.0 - Insecure Temporary File Handling in /tmp/redis-%p.vm
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
CVSS 5.5
CVE-2016-8339 WRITEUP CRITICAL WRITEUP
Redis 3.2.x < 3.2.4 - Buffer Overflow
A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.
CVSS 9.8
CVE-2018-11219 WRITEUP CRITICAL WRITEUP
Redis < 3.2.12, 4.x < 4.0.10, 5.x < 5.0 RC2 - Integer Overflow in Lua Struct Library
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVSS 9.8
CVE-2000-1029 EXPLOITDB c WORKING POC
ISC BIND host command - Buffer Overflow
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.