Redis — Vulnerabilities & Security Advisories (49)

Browse all 49 CVE security advisories affecting Redis. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Redis functions primarily as an in-memory data structure store, utilized extensively for caching, database, and message broker applications. Its architecture, while optimized for high-performance read/write operations, has historically exposed it to significant security risks, particularly when deployed with default configurations. Common vulnerability classes include remote code execution (RCE) via the EVAL command, insecure configuration leading to unauthorized access, and privilege escalation through improper file system permissions. Notable incidents often stem from the lack of authentication by default or the exposure of the Redis port to untrusted networks, allowing attackers to write malicious SSH keys or deploy web shells. With 49 recorded CVEs, these flaws highlight the critical importance of network segmentation, enabling authentication, and restricting command access. Organizations must implement strict firewall rules and disable dangerous commands to mitigate these persistent threats effectively.

Top products by Redis: redis, hiredis, go-redis
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-35951 | Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow | redis | CWE-190 | 7.0 | High | 2022-09-23 |
| CVE-2022-31144 | Potential heap overflow in Redis | redis | CWE-122 | 7.0 | High | 2022-07-19 |
| CVE-2022-24736 | A Malformed Lua script can crash Redis | redis | CWE-476 | 3.3 | Low | 2022-04-27 |
| CVE-2022-24735 | Lua scripts can be manipulated to overcome ACL rules in Redis | redis | CWE-94 | 3.9 | Low | 2022-04-27 |
| CVE-2021-41099 | Integer overflow issue with strings in Redis | redis | CWE-190 | 7.5 | High | 2021-10-04 |
| CVE-2021-32762 | Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms | redis | CWE-190 | 7.5 | High | 2021-10-04 |
| CVE-2021-32687 | Integer overflow issue with intsets in Redis | redis | CWE-190 | 7.5 | High | 2021-10-04 |
| CVE-2021-32675 | DoS vulnerability in Redis | redis | CWE-770 | 7.5 | High | 2021-10-04 |
| CVE-2021-32672 | Vulnerability in Lua Debugger in Redis | redis | CWE-125 | 5.3 | Medium | 2021-10-04 |
| CVE-2021-32627 | Integer overflow issue with Streams in Redis | redis | CWE-190 | 7.5 | High | 2021-10-04 |
| CVE-2021-32628 | Vulnerability in handling large ziplists | redis | CWE-190 | 7.5 | High | 2021-10-04 |
| CVE-2021-32626 | Lua scripts can overflow the heap-based Lua stack in Redis | redis | CWE-122 | 7.5 | High | 2021-10-04 |
| CVE-2021-32765 | Integer Overflow to Buffer Overflow in Hiredis | hiredis | CWE-190 | 8.8 | High | 2021-10-04 |
| CVE-2021-32761 | Integer overflow issues with *BIT commands on 32-bit systems | redis | CWE-125 | 7.5 | High | 2021-07-21 |
| CVE-2021-32625 | Redis vulnerability in STRALGO LCS on 32-bit systems | redis | CWE-680 | 7.5 | High | 2021-06-02 |
| CVE-2021-29478 | Vulnerability in the COPY command for large intsets | redis | CWE-190 | 7.5 | High | 2021-05-04 |
| CVE-2021-29477 | Vulnerability in the STRALGO LCS command | redis | CWE-190 | 7.5 | High | 2021-05-04 |
| CVE-2021-21309 | Integer overflow on 32-bit systems | redis | CWE-190 | 5.4 | Medium | 2021-02-26 |
| CVE-2016-8339 | Redis buffer error vulnerability | Redis | - | 9.8 | - | 2016-10-28 |

This page lists every published CVE security advisory associated with Redis. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.