Redis 5.0

Redis Lua Use-After-Free may lead to remote code execution

Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Integer overflow issue with Streams in Redis

Vulnerability in handling large ziplists

Lua scripts can overflow the heap-based Lua stack in Redis

Integer overflow issue with intsets in Redis

DoS vulnerability in Redis

Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms

Integer overflow issue with strings in Redis

Redis allows out of bounds writes in hyperloglog commands leading to RCE

Lua library commands may lead to integer overflow and potential RCE

Heap overflow issue with the Lua cjson library used by Redis

Redis is vulnerable to DoS via specially crafted LUA scripts

Redis: Authenticated users can execute LUA scripts as a different user

Integer overflow in certain command arguments can drive Redis to OOM panic

Redis string pattern matching can be abused to achieve Denial of Service

Integer Overflow in several Redis commands can lead to denial of service.

`HINCRBYFLOAT` can be used to crash a redis-server process

Denial-of-service due to unbounded pattern matching in Redis

Vulnerability in Lua Debugger in Redis

Lua scripts can be manipulated to overcome ACL rules in Redis

Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

A Malformed Lua script can crash Redis