Red Hat Security Advisory: redis:6 security update
🔗 CVE IDs covered (10)
📋 Description
- CVE-2022-24834 — redis: heap overflow in the Lua cjson and cmsgpack libraries
- CVE-2022-35977 — redis: integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result in a false OOM panic
- CVE-2022-36021 — redis: specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow
- CVE-2023-22458 — redis: integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial of service
- CVE-2023-25155 — redis: string matching commands (like SCAN or KEYS) with a specially crafted pattern can trigger a denial of service
- CVE-2023-28856 — redis: insufficient validation of the HINCRBYFLOAT command
- CVE-2023-45145 — redis: possible bypass of Unix socket permissions on startup
- CVE-2024-31228 — redis: denial of service due to unbounded pattern matching in Redis
- CVE-2024-31449 — redis: Lua library commands may lead to stack overflow and RCE in Redis
- CVE-2024-46981 — redis: Redis' Lua library commands may lead to remote code execution
🔗 References (14)
- self: https://access.redhat.com/errata/RHSA-2025:0595
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2163132
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2163133
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2174305
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2174306
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2187525
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2221662
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2244940
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2317056
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2317058
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2336004
- external: https://issues.redhat.com/browse/RHEL-66165
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_0595.json