Package | redis |
---|---|
Version | 2:2.8.17-1+deb8u13 (jessie), 3:3.2.6-3+deb9u13 (stretch), 5:5.0.14-1+deb10u6 (buster) |
Related CVEs | CVE-2022-35977 CVE-2022-36021 CVE-2023-25155 CVE-2024-31228 CVE-2024-31449 |
Multiple vulnerabilities have been fixed in the key–value database Redis.
- CVE-2022-35977: integer overflows in SETRANGE and SORT
- CVE-2022-36021 (jessie, stretch): string pattern matching DoS
- CVE-2023-25155: SRANDMEMBER integer overflow
- CVE-2024-31228: unbounded pattern matching DoS
- CVE-2024-31449 (stretch): Lua bit library stack overflow
For Debian 10 buster, these problems have been fixed in version 5:5.0.14-1+deb10u6.
For Debian 8 jessie, these problems have been fixed in version 2:2.8.17-1+deb8u13.
For Debian 9 stretch, these problems have been fixed in version 3:3.2.6-3+deb9u13.
We recommend that you upgrade your redis packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.