Critical 10.0 Unfixed
2025-10-03≤ 2.4.18
Redis Lua Use-After-Free may lead to remote code execution
Redis 2.4
High 7.5 Unfixed
2021-10-04≤ 2.4.18
Vulnerability in handling large ziplists
High 7.5 Unfixed
2021-10-04≤ 2.4.18
Integer overflow issue with intsets in Redis
High 7.5 Unfixed
2021-10-04≤ 2.4.18
Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
High 7.5 Unfixed
2021-10-04≤ 2.4.18
Integer overflow issue with strings in Redis
High 7.0 Unfixed
2025-10-03≤ 2.4.18
Lua library commands may lead to integer overflow and potential RCE
High 7.0 Unfixed
2023-07-13≤ 2.4.18
Heap overflow issue with the Lua cjson library used by Redis
Medium 6.3 Unfixed
2025-10-03≤ 2.4.18
Redis is vulnerable to DoS via specially crafted LUA scripts
Medium 6.0 Unfixed
2025-10-03≤ 2.4.18
Redis: Authenticated users can execute LUA scripts as a different user
Medium 5.5 Unfixed
2023-01-20≤ 2.4.18
Integer overflow in certain command arguments can drive Redis to OOM panic
Medium 5.5 Unfixed
2023-03-01≤ 2.4.18
Redis string pattern matching can be abused to achieve Denial of Service
Medium 5.5 Unfixed
2023-03-02≤ 2.4.18
Integer Overflow in several Redis commands can lead to denial of service.
Medium 5.5 Unfixed
2023-04-18≤ 2.4.18
`HINCRBYFLOAT` can be used to crash a redis-server process
Medium 5.5 Unfixed
2024-10-07≤ 2.4.18
Denial-of-service due to unbounded pattern matching in Redis
Low 3.9 Unfixed
2022-04-27≤ 2.4.18
Lua scripts can be manipulated to overcome ACL rules in Redis
Low 3.3 Unfixed
2022-04-27≤ 2.4.18
A Malformed Lua script can crash Redis
N/A Unfixed
2016-08-10≤ 2.4.18
N/A Unfixed
2019-11-01≤ 2.4.18
N/A Unfixed
2019-11-01≤ 2.4.18
N/A Unfixed
2018-06-16≤ 2.4.18
N/A Unfixed
2021-07-21≤ 2.4.18