CRITICAL 9.9 CVE-2025-49844 Redis Lua Use-After-Free may lead to remote code execution
from 0, < 6.2.20, >= 7.0.0, < 7.2.11, >= 7.3.0, < 7.4.6, >= 8.0.0, < 8.0.4, >= 8.1.0, < 8.2.2
>= 7.0.0
CRITICAL 9.8 redis - security update
from 0, < 6.3.4, >= 7.2.0
CRITICAL 9.8 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
>= 7.0.0, < 7.0.5
HIGH 8.8 redis-server RESTORE invalid memory access may allow remote code execution
from 0, < 6.2.22, >= 7.0.0, < 7.2.14, >= 7.3.0, < 7.4.9, >= 8.0.0, < 8.2.6, >= 8.3.0, < 8.4.3, >= 8.5.0, < 8.6.3
HIGH 8.8 redis-server use-after-free in unblock client flow may allow remote code execution
>= 7.2.0, < 7.2.14, >= 7.3.0, < 7.4.9, >= 8.0.0, < 8.2.6, >= 8.3.0, < 8.4.3, >= 8.5.0, < 8.6.3
HIGH 8.8 valkey - security update
from 0, < 6.2.20, >= 7.0.0, < 7.2.11, >= 7.3.0, < 7.4.6, >= 8.0.0, < 8.0.4, >= 8.1.0, < 8.2.2
HIGH 8.8 Lua library commands may lead to stack overflow and RCE in Redis
>= 2.6.0, < 6.3.4, >= 7.0.0
HIGH 8.8 redis - security update
>= 2.6.0, < 6.0.20, >= 6.2.0, < 6.2.13, >= 7.0.0, < 7.0.12
HIGH 8.8 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
>= 7.0.0, < 7.0.12
HIGH 8.8 Potential heap overflow in Redis
>= 7.0.0, < 7.0.4
HIGH 8.8 Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 8.8 redis - security update
>= 2.6.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 8.1 redis-server Lua use-after-free may allow remote code execution
>= 7.2.0, < 7.2.14, >= 7.3.0, < 7.4.9, >= 8.0.0, < 8.2.6, >= 8.3.0, < 8.4.3, >= 8.5.0, < 8.6.3
HIGH 8.1 Redis vulnerable to integer overflow in certain payloads
>= 7.0.9, < 7.0.15, >= 7.2.0, < 7.2.4
HIGH 7.8 redis - security update
>= 2.8.0, < 6.2.19, >= 7.0.0, < 7.2.10, >= 8.0.0, < 8.0.3, >= 7.4.0, < 7.4.5
HIGH 7.8 Lua scripts can be manipulated to overcome ACL rules in Redis
from 0, < 6.2.7
HIGH 7.5 Redis DoS Vulnerability due to bad connection error handling
from 0, < 6.2.19, >= 7.0.0, < 7.2.10, >= 8.0.0, < 8.0.3, >= 7.4.0, < 7.4.5
HIGH 7.5 redis - security update
>= 2.6.0, < 6.2.18, >= 7.0.0, < 7.2.8, >= 7.3.0, < 7.4.3
HIGH 7.5 Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
>= 7.0.0, < 7.0.1
HIGH 7.5 redis v7.0.10 was discovered to contain a segmentation violation.
>= 7.0.10, < 7.0.11
HIGH 7.5 Integer overflow issue with strings in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 Integer overflow issue with intsets in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 DoS vulnerability in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 Vulnerability in handling large ziplists
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.5 Integer overflow issue with Streams in Redis
>= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
HIGH 7.3 Redis: Authenticated users can execute LUA scripts as a different user
from 0, < 6.2.20, >= 7.0.0, < 7.2.11, >= 7.3.0, < 7.4.6, >= 8.0.0, < 8.0.4, >= 8.1.0, < 8.2.2
HIGH 7.1 Redis is vulnerable to DoS via specially crafted LUA scripts
from 0, < 6.2.20, >= 7.0.0, < 7.2.11, >= 7.3.0, < 7.4.6, >= 8.0.0, < 8.0.4, >= 8.1.0, < 8.2.2
MEDIUM 6.5 Denial-of-service due to unbounded pattern matching in Redis
>= 2.2.5, < 6.3.4, >= 7.0.0
MEDIUM 6.5 redis - security update
from 0, < 6.0.19, >= 6.2.0, < 6.2.12, >= 7.0.0, < 7.0.11
MEDIUM 6.5 Integer Overflow in several Redis commands can lead to denial of service.
from 0, < 6.0.18, >= 6.2.0, < 6.2.11, >= 7.0.0, < 7.0.9
MEDIUM 5.9 Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifical…
from 0, < 6.2.0
MEDIUM 5.5 Specially crafted MSETNX command can lead to denial-of-service
>= 7.0.8, < 7.0.10
MEDIUM 5.5 redis - security update
from 0, < 6.0.18, >= 6.2.0, < 6.2.11, >= 7.0.0, < 7.0.9
MEDIUM 5.5 Integer overflow in multiple Redis commands can lead to denial-of-service
>= 6.2.0, < 6.2.9, >= 7.0.0, < 7.0.8
MEDIUM 5.5 redis - security update
>= 6.0.0, < 6.0.17, >= 6.2.0, < 6.2.9, >= 7.0.0, < 7.0.8
MEDIUM 5.5 A Malformed Lua script can crash Redis
from 0, < 6.2.7
MEDIUM 4.4 Redis allows denial-of-service due to malformed ACL selectors
>= 7.0.0
MEDIUM 4.4 Denial-of-service due to malformed ACL selectors in Redis
>= 7.0.0
MEDIUM 4.3 Vulnerability in Lua Debugger in Redis
>= 3.2.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
LOW 3.6 redis - security update
>= 2.6.0, < 6.2.14, >= 7.0.0, < 7.0.14, >= 7.2.0, < 7.2.2
LOW 3.5 Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user.
from 0, <= 8.0.3
LOW 3.3 Redis SORT_RO may bypass ACL configuration
>= 7.0.0, < 7.0.13, >= 7.2.0, < 7.2.1
LOW 3.3 Redis Crash Report debug.c sigsegvHandler denial of service
from 0, < 6.2.8, >= 7.0.0, < 7.0.6
LOW 3.1 setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
— RedisBloom RESTORE invalid memory access may allow remote code execution
>= 8.0.0, < 8.2.6, >= 8.3.0, < 8.4.3, >= 8.5.0, < 8.6.3
— RedisTimeSeries RESTORE invalid memory access may allow remote code execution
>= 8.0.0, < 8.2.6, >= 8.3.0, < 8.4.3, >= 8.5.0, < 8.6.3
— Redis: Bug in XACKDEL may lead to stack overflow and potential RCE
>= 8.2.0, < 8.2.3