Approved changes feed: RSS · Atom

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorRedis (6c818399-7e28-57a6-8fa0-307b3f9a96f5)
ProductRedis (56983391-c965-509a-bb47-f44d8ba59efe)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/redis purl2cpe 2026-06-01 10:11:34.097658
pkg:deb/ubuntu/redis purl2cpe 2026-06-01 10:11:34.097660
pkg:docker/redis purl2cpe 2026-06-01 10:11:34.097662
pkg:github/redis/redis purl2cpe 2026-06-01 10:11:34.097664
pkg:rpm/centos/redis purl2cpe 2026-06-01 10:11:34.097666
pkg:rpm/opensuse/redis purl2cpe 2026-06-01 10:11:34.097668

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2026-25243 vulnerable 2026-06-08 07:53:19.544576 redis-server RESTORE invalid memory access may allow remote code execution
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.
Published: 2026-05-05T16:44:57.306Z
Updated: 2026-06-30T12:06:15.807Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-23631 vulnerable 2026-06-08 07:51:15.691670 redis-server Lua use-after-free may allow remote code execution
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote code execution. A workaround is to prevent users from executing Lua scripts or avoid using replicas where replica-read-only is disabled. This is patched in version 8.6.3.
Published: 2026-05-05T16:39:32.337Z
Updated: 2026-06-30T12:05:59.073Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2026-23479 vulnerable 2026-06-08 07:51:15.503471 redis-server use-after-free in unblock client flow may allow remote code execution
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.
Published: 2026-05-05T16:36:05.486Z
Updated: 2026-06-30T12:06:44.727Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-62507 vulnerable 2026-06-08 07:37:29.872823 Redis: Bug in XACKDEL may lead to stack overflow and potential RCE
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
Published: 2025-11-04T21:24:44.802Z
Updated: 2026-02-26T17:47:18.954Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-49844 vulnerable 2026-06-08 07:29:14.998249 Redis Lua Use-After-Free may lead to remote code execution
CRITICAL (10)
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Published: 2025-10-03T19:27:23.609Z
Updated: 2026-03-20T14:08:37.823Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-48367 vulnerable 2026-06-08 07:27:15.747257 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-46819 vulnerable 2026-06-08 07:27:08.931596 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-46818 vulnerable 2026-06-08 07:27:08.931222 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-46817 vulnerable 2026-06-08 07:27:08.930929 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-46686 vulnerable 2026-06-08 07:27:08.600479 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-32023 vulnerable 2026-06-08 07:18:58.966080 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-27151 vulnerable 2026-06-08 07:14:54.228478 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-21605 vulnerable 2026-06-08 07:08:57.023637 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-51741 vulnerable 2026-06-08 06:52:12.758080 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-46981 vulnerable 2026-06-08 06:48:10.941197 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31449 vulnerable 2026-06-08 06:35:31.543118 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31228 vulnerable 2026-06-08 06:35:31.131270 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31227 vulnerable 2026-06-08 06:35:31.129950 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-45145 vulnerable 2026-06-08 06:12:42.049916 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41056 vulnerable 2026-06-08 06:11:05.068472 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-41053 vulnerable 2026-06-08 06:11:05.059192 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-36824 vulnerable 2026-06-08 06:08:13.555418 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28856 vulnerable 2026-06-08 06:02:36.543917 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-28425 vulnerable 2026-06-08 06:01:10.724955 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25155 vulnerable 2026-06-08 05:56:08.592030 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-22458 vulnerable 2026-06-08 05:54:26.347518 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3647 vulnerable 2026-06-08 05:48:21.602046 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-36021 vulnerable 2026-06-08 05:46:06.161895 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35977 vulnerable 2026-06-08 05:46:06.086102 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-35951 vulnerable 2026-06-08 05:46:06.049339 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-31144 vulnerable 2026-06-08 05:43:40.279815 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-24834 vulnerable 2026-06-08 05:41:44.722442 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-24736 vulnerable 2026-06-08 05:41:01.486681 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-24735 vulnerable 2026-06-08 05:41:01.478498 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-41099 vulnerable 2026-06-08 05:35:19.736393 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32762 vulnerable 2026-06-08 05:32:07.984460 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32761 vulnerable 2026-06-08 05:32:07.982519 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32687 vulnerable 2026-06-08 05:32:07.839500 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32675 vulnerable 2026-06-08 05:32:07.813928 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32672 vulnerable 2026-06-08 05:32:07.806923 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32628 vulnerable 2026-06-08 05:32:07.700305 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32627 vulnerable 2026-06-08 05:32:07.699398 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32626 vulnerable 2026-06-08 05:32:07.692141 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-32625 vulnerable 2026-06-08 05:32:07.690491 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-31294 vulnerable 2026-06-08 05:31:52.335819 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29478 vulnerable 2026-06-08 05:31:26.437026 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-29477 vulnerable 2026-06-08 05:31:26.435610 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-21309 vulnerable 2026-06-08 05:29:11.591202 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-8339 vulnerable 2026-06-08 05:08:14.126414 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.