pkg:Debian/redis

97 total CVEs: CRITICAL 15, HIGH 52, MEDIUM 19, LOW 9

All known vulnerabilities

  • CRITICAL 10.0 | CVE-2022-0543 | ⚠ KEV | redis - security update
    from 0, < 5:5.0.14-1+deb10u2
  • CRITICAL 10.0 | CVE-2022-0543 | ⚠ KEV | redis - security update
    from 0, < 5:6.0.16-1+deb11u2
  • CRITICAL 9.9 | CVE-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution
    from 0, < 5:6.0.16-1+deb11u8
  • CRITICAL 9.8 | CVE-2025-27151 | redis-check-aof may lead to stack overflow and potential RCE
    from 0, < 5:7.0.15-1~deb12u5
  • CRITICAL 9.8 | CVE-2025-27151 | redis-check-aof may lead to stack overflow and potential RCE
    from 0, < 5:7.0.15-1~deb12u5
  • CRITICAL 9.8 | CVE-2024-46981 | Redis' Lua library commands may lead to remote code execution
    from 0, < 5:6.0.16-1+deb11u5
  • CRITICAL 9.8 | CVE-2024-46981 | Redis' Lua library commands may lead to remote code execution
    from 0, < 5:7.0.15-1~deb12u3
  • CRITICAL 9.8 | CVE-2024-46981 | Redis' Lua library commands may lead to remote code execution
    from 0, < 5:6.0.16-1+deb11u5
  • CRITICAL 9.8 | CVE-2022-35951 | Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
    from 0, < 5:7.0.5-1
  • CRITICAL 9.8 | CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x befo…
    from 0, < 5:4.0.10-1
  • CRITICAL 9.8 | CVE-2018-11218 | redis - security update
    from 0, < 5:4.0.10-1
  • CRITICAL 9.8 | CVE-2018-11218 | redis - security update
    from 0, < 3:3.2.6-3+deb9u1
  • CRITICAL 9.8 | CVE-2018-11218 | redis - security update
    from 0, < 2:2.8.17-1+deb8u6
  • CRITICAL 9.8 | CVE-2017-15047 | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and app…
    from 0, < 4:4.0.2-5
  • CRITICAL 9.8 | CVE-2016-8339 | A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent.
    from 0, < 3:3.2.4-1
  • HIGH 8.8 | CVE-2026-25243 | redis-server RESTORE invalid memory access may allow remote code execution
    from 0
  • HIGH 8.8 | CVE-2026-23479 | redis-server use-after-free in unblock client flow may allow remote code execution
    from 0
  • HIGH 8.8 | CVE-2025-46817 | Lua library commands may lead to integer overflow and potential RCE
    from 0, < 5:7.0.15-1~deb12u6
  • HIGH 8.8 | CVE-2025-46817 | Lua library commands may lead to integer overflow and potential RCE
    from 0, < 5:6.0.16-1+deb11u8
  • HIGH 8.8 | CVE-2025-46817 | Lua library commands may lead to integer overflow and potential RCE
    from 0, < 5:6.0.16-1+deb11u8
  • HIGH 8.8 | CVE-2024-31449 | Lua library commands may lead to stack overflow and RCE in Redis
    from 0
  • HIGH 8.8 | CVE-2022-24834 | Heap overflow issue with the Lua cjson library used by Redis
    from 0, < 5:6.0.16-1+deb11u3
  • HIGH 8.8 | CVE-2022-24834 | Heap overflow issue with the Lua cjson library used by Redis
    from 0, < 5:6.0.16-1+deb11u3
  • HIGH 8.8 | CVE-2022-24834 | Heap overflow issue with the Lua cjson library used by Redis
    from 0, < 5:7.0.15-1~deb12u1
  • HIGH 8.8 | CVE-2023-36824 | Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
    from 0, < 5:7.0.15-1~deb12u1
  • HIGH 8.8 | CVE-2022-31144 | Potential heap overflow in Redis
    from 0, < 5:7.0.4-1
  • HIGH 8.8 | CVE-2021-32762 | Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 8.8 | CVE-2021-32626 | Lua scripts can overflow the heap-based Lua stack in Redis
    from 0, < 3:3.2.6-3+deb9u8
  • HIGH 8.8 | CVE-2021-32626 | Lua scripts can overflow the heap-based Lua stack in Redis
    from 0, < 5:5.0.14-1+deb10u1
  • HIGH 8.8 | CVE-2021-32626 | Lua scripts can overflow the heap-based Lua stack in Redis
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 8.8 | CVE-2021-32625 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
    from 0, < 5:6.0.14-1
  • HIGH 8.8 | CVE-2021-29478 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
    from 0, < 5:6.0.13-1
  • HIGH 8.8 | CVE-2021-29477 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker.
    from 0, < 5:6.0.13-1
  • HIGH 8.8 | CVE-2021-21309 | redis - security update
    from 0, < 5:6.0.11-1
  • HIGH 8.8 | CVE-2021-21309 | redis - security update
    from 0, < 3:3.2.6-3+deb9u4
  • HIGH 8.4 | CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to hig…
    from 0, < 5:4.0.10-1
  • HIGH 8.1 | CVE-2026-23631 | redis-server Lua use-after-free may allow remote code execution
    from 0
  • HIGH 8.1 | CVE-2023-41056 | Redis vulnerable to integer overflow in certain payloads
    from 0, < 5:7.0.15-1~deb12u1
  • HIGH 7.8 | CVE-2025-32023 | Redis allows out of bounds writes in hyperloglog commands leading to RCE
    from 0, < 5:6.0.16-1+deb11u7
  • HIGH 7.8 | CVE-2025-32023 | Redis allows out of bounds writes in hyperloglog commands leading to RCE
    from 0, < 5:6.0.16-1+deb11u7
  • HIGH 7.8 | CVE-2022-24735 | Lua scripts can be manipulated to overcome ACL rules in Redis
    from 0
  • HIGH 7.7 | CVE-2020-14147 | redis - security update
    from 0, < 5:6.0.0-1
  • HIGH 7.7 | CVE-2020-14147 | redis - security update
    from 0, < 5:5.0.3-4+deb10u2
  • HIGH 7.5 | CVE-2026-21863 | Malformed Valkey Cluster bus message can lead to Remote DoS
    from 0, < 5:7.0.15-1~deb12u7
  • HIGH 7.5 | CVE-2025-48367 | Redis DoS Vulnerability due to bad connection error handling
    from 0, < 5:6.0.16-1+deb11u7
  • HIGH 7.5 | CVE-2025-21605 | Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
    from 0, < 5:6.0.16-1+deb11u6
  • HIGH 7.5 | CVE-2025-21605 | Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
    from 0, < 5:6.0.16-1+deb11u6
  • HIGH 7.5 | CVE-2021-41099 | Integer overflow issue with strings in Redis
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 7.5 | CVE-2021-32687 | Integer overflow issue with intsets in Redis
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 7.5 | CVE-2021-32675 | DoS vulnerability in Redis
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 7.5 | CVE-2021-32628 | Vulnerability in handling large ziplists
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 7.5 | CVE-2021-32627 | Integer overflow issue with Streams in Redis
    from 0, < 5:6.0.16-1+deb11u1
  • HIGH 7.5 | CVE-2020-21468 | A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS).
    from 0
  • HIGH 7.5 | CVE-2021-32761 | redis - security update
    from 0, < 3:3.2.6-3+deb9u5
  • HIGH 7.5 | CVE-2021-32761 | redis - security update
    from 0, < 5:6.0.15-1
  • HIGH 7.5 | CVE-2021-32761 | redis - security update
    from 0, < 3:3.2.6-3+deb9u6
  • HIGH 7.5 | CVE-2015-8080 | redis - security update
    from 0, < 2:3.0.5-4
  • HIGH 7.5 | CVE-2015-8080 | redis - security update
    from 0, < 2:2.8.17-1+deb8u3
  • HIGH 7.4 | CVE-2016-10517 | redis - security update
    from 0, < 2:2.4.14-1+deb7u2
  • HIGH 7.4 | CVE-2016-10517 | redis - security update
    from 0, < 3:3.2.7-1
  • HIGH 7.3 | CVE-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user
    from 0
  • HIGH 7.2 | CVE-2019-10193 | A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5…
    from 0, < 5:5.0.4-1
  • HIGH 7.2 | CVE-2019-10192 | redis - security update
    from 0, < 5:5.0.4-1
  • HIGH 7.2 | CVE-2019-10192 | redis - security update
    from 0, < 2:2.8.17-1+deb8u7
  • HIGH 7.2 | CVE-2019-10192 | redis - security update
    from 0, < 3:3.2.6-3+deb9u3
  • HIGH 7.1 | CVE-2025-67733 | Valkey Affected by RESP Protocol Injection via Lua error_reply
    from 0, < 5:7.0.15-1~deb12u7
  • HIGH 7.1 | CVE-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts
    from 0, < 5:6.0.16-1+deb11u8
  • MEDIUM 6.5 | CVE-2024-31228 | Denial-of-service due to unbounded pattern matching in Redis
    from 0, < 5:6.0.16-1+deb11u4
  • MEDIUM 6.5 | CVE-2023-28856 | `HINCRBYFLOAT` can be used to crash a redis-server process
    from 0, < 5:5.0.14-1+deb10u4
  • MEDIUM 6.5 | CVE-2023-28856 | `HINCRBYFLOAT` can be used to crash a redis-server process
    from 0, < 5:6.0.16-1+deb11u3
  • MEDIUM 6.5 | CVE-2023-25155 | Integer Overflow in several Redis commands can lead to denial of service.
    from 0, < 5:6.0.16-1+deb11u3
  • MEDIUM 5.9 | CVE-2021-31294 | Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifical…
    from 0
  • MEDIUM 5.5 | CVE-2023-28425 | Specially crafted MSETNX command can lead to denial-of-service
    from 0, < 5:7.0.10-1
  • MEDIUM 5.5 | CVE-2022-36021 | Redis string pattern matching can be abused to achieve Denial of Service
    from 0, < 5:5.0.14-1+deb10u3
  • MEDIUM 5.5 | CVE-2022-36021 | Redis string pattern matching can be abused to achieve Denial of Service
    from 0, < 5:6.0.16-1+deb11u3
  • MEDIUM 5.5 | CVE-2023-22458 | Integer overflow in multiple Redis commands can lead to denial-of-service
    from 0, < 5:7.0.8-1
  • MEDIUM 5.5 | CVE-2022-35977 | Integer overflow in certain command arguments can drive Redis to OOM panic
    from 0, < 5:6.0.16-1+deb11u4
  • MEDIUM 5.5 | CVE-2022-35977 | Integer overflow in certain command arguments can drive Redis to OOM panic
    from 0, < 5:6.0.16-1+deb11u4
  • MEDIUM 5.5 | CVE-2022-24736 | A Malformed Lua script can crash Redis
    from 0
  • MEDIUM 5.5 | CVE-2013-0180 | Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.
    from 0, < 2:2.6.7-1
  • MEDIUM 5.5 | CVE-2013-0178 | Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.
    from 0, < 2:2.6.0-1
  • MEDIUM 5.5 | CVE-2016-2121 | A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitiv…
    from 0, < 3:3.2.5-2
  • MEDIUM 5.3 | CVE-2021-3470 | A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than je…
    from 0, < 5:6.0.9-1
  • MEDIUM 4.4 | CVE-2024-51741 | Redis allows denial-of-service due to malformed ACL selectors
    from 0, < 5:7.0.15-1~deb12u3
  • MEDIUM 4.4 | CVE-2024-31227 | Denial-of-service due to malformed ACL selectors in Redis
    from 0, < 5:7.0.15-1~deb12u2
  • MEDIUM 4.3 | CVE-2021-32672 | Vulnerability in Lua Debugger in Redis
    from 0, < 5:6.0.16-1+deb11u1
  • LOW 3.6 | CVE-2023-45145 | Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
    from 0, < 5:5.0.14-1+deb10u5
  • LOW 3.6 | CVE-2023-45145 | Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
    from 0, < 5:6.0.16-1+deb11u3
  • LOW 3.5 | CVE-2025-46686 | Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user.
    from 0
  • LOW 3.3 | CVE-2023-41053 | Redis SORT_RO may bypass ACL configuration
    from 0, < 5:7.0.15-1~deb12u1
  • LOW 3.3 | CVE-2022-3647 | Redis Crash Report debug.c sigsegvHandler denial of service
    from 0
  • LOW 3.3 | CVE-2013-7458 | redis - security update
    from 0, < 2:2.8.17-1+deb8u5
  • LOW 3.3 | CVE-2013-7458 | redis - security update
    from 0, < 2:2.4.14-1+deb7u1
  • LOW 3.3 | CVE-2013-7458 | redis - security update
    from 0, < 2:3.2.1-4
  • LOW 3.1 | CVE-2025-49112 | setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
    from 0
  • CVE-2015-4335 | redis - security update
    from 0, < 2:2.8.17-1+deb8u1
  • CVE-2015-4335 | redis - security update
    from 0, < 2:3.0.2-1