Approved changes feed: RSS · Atom
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Redis (6c818399-7e28-57a6-8fa0-307b3f9a96f5) |
|---|---|
| Product | Redis (56983391-c965-509a-bb47-f44d8ba59efe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/redis |
purl2cpe | 2026-06-01 10:11:34.097658 |
pkg:deb/ubuntu/redis |
purl2cpe | 2026-06-01 10:11:34.097660 |
pkg:docker/redis |
purl2cpe | 2026-06-01 10:11:34.097662 |
pkg:github/redis/redis |
purl2cpe | 2026-06-01 10:11:34.097664 |
pkg:rpm/centos/redis |
purl2cpe | 2026-06-01 10:11:34.097666 |
pkg:rpm/opensuse/redis |
purl2cpe | 2026-06-01 10:11:34.097668 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-25243 |
vulnerable | 2026-06-08 07:53:19.544576 |
redis-server RESTORE invalid memory access may allow remote code execution
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This is patched in version 8.6.3.
Published: 2026-05-05T16:44:57.306Z
Updated: 2026-06-30T12:06:15.807Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-23631 |
vulnerable | 2026-06-08 07:51:15.691670 |
redis-server Lua use-after-free may allow remote code execution
Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remote code execution. A workaround is to prevent users from executing Lua scripts or avoid using replicas where replica-read-only is disabled. This is patched in version 8.6.3.
Published: 2026-05-05T16:39:32.337Z
Updated: 2026-06-30T12:05:59.073Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-23479 |
vulnerable | 2026-06-08 07:51:15.503471 |
redis-server use-after-free in unblock client flow may allow remote code execution
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.
Published: 2026-05-05T16:36:05.486Z
Updated: 2026-06-30T12:06:44.727Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62507 |
vulnerable | 2026-06-08 07:37:29.872823 |
Redis: Bug in XACKDEL may lead to stack overflow and potential RCE
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
Published: 2025-11-04T21:24:44.802Z
Updated: 2026-02-26T17:47:18.954Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-49844 |
vulnerable | 2026-06-08 07:29:14.998249 |
Redis Lua Use-After-Free may lead to remote code execution
CRITICAL (10)
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Published: 2025-10-03T19:27:23.609Z
Updated: 2026-03-20T14:08:37.823Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48367 |
vulnerable | 2026-06-08 07:27:15.747257 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46819 |
vulnerable | 2026-06-08 07:27:08.931596 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46818 |
vulnerable | 2026-06-08 07:27:08.931222 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46817 |
vulnerable | 2026-06-08 07:27:08.930929 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46686 |
vulnerable | 2026-06-08 07:27:08.600479 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-32023 |
vulnerable | 2026-06-08 07:18:58.966080 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-27151 |
vulnerable | 2026-06-08 07:14:54.228478 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-21605 |
vulnerable | 2026-06-08 07:08:57.023637 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-51741 |
vulnerable | 2026-06-08 06:52:12.758080 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-46981 |
vulnerable | 2026-06-08 06:48:10.941197 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31449 |
vulnerable | 2026-06-08 06:35:31.543118 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31228 |
vulnerable | 2026-06-08 06:35:31.131270 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31227 |
vulnerable | 2026-06-08 06:35:31.129950 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-45145 |
vulnerable | 2026-06-08 06:12:42.049916 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41056 |
vulnerable | 2026-06-08 06:11:05.068472 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-41053 |
vulnerable | 2026-06-08 06:11:05.059192 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36824 |
vulnerable | 2026-06-08 06:08:13.555418 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28856 |
vulnerable | 2026-06-08 06:02:36.543917 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28425 |
vulnerable | 2026-06-08 06:01:10.724955 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25155 |
vulnerable | 2026-06-08 05:56:08.592030 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22458 |
vulnerable | 2026-06-08 05:54:26.347518 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-3647 |
vulnerable | 2026-06-08 05:48:21.602046 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36021 |
vulnerable | 2026-06-08 05:46:06.161895 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35977 |
vulnerable | 2026-06-08 05:46:06.086102 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-35951 |
vulnerable | 2026-06-08 05:46:06.049339 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31144 |
vulnerable | 2026-06-08 05:43:40.279815 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24834 |
vulnerable | 2026-06-08 05:41:44.722442 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24736 |
vulnerable | 2026-06-08 05:41:01.486681 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24735 |
vulnerable | 2026-06-08 05:41:01.478498 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-41099 |
vulnerable | 2026-06-08 05:35:19.736393 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32762 |
vulnerable | 2026-06-08 05:32:07.984460 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32761 |
vulnerable | 2026-06-08 05:32:07.982519 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32687 |
vulnerable | 2026-06-08 05:32:07.839500 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32675 |
vulnerable | 2026-06-08 05:32:07.813928 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32672 |
vulnerable | 2026-06-08 05:32:07.806923 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32628 |
vulnerable | 2026-06-08 05:32:07.700305 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32627 |
vulnerable | 2026-06-08 05:32:07.699398 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32626 |
vulnerable | 2026-06-08 05:32:07.692141 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-32625 |
vulnerable | 2026-06-08 05:32:07.690491 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-31294 |
vulnerable | 2026-06-08 05:31:52.335819 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29478 |
vulnerable | 2026-06-08 05:31:26.437026 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-29477 |
vulnerable | 2026-06-08 05:31:26.435610 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-21309 |
vulnerable | 2026-06-08 05:29:11.591202 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-8339 |
vulnerable | 2026-06-08 05:08:14.126414 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.