Search
Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47206 | 1 Dragonflydb | 1 Dragonfly | 2026-06-26 | N/A |
| Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.9, Dragonfly has a RESP Protocol Injection via Lua redis.error_reply() in EvalSerializer. An authenticated user can inject arbitrary RESP messages into the connection's response stream, potentially causing response desynchronization in connection-pool clients. This vulnerability is fixed in 1.39.9. | ||||
| CVE-2026-54341 | 1 Dragonflydb | 1 Dragonfly | 2026-06-26 | 7.5 High |
| Dragonfly is an in-memory data store built for modern application workloads. Prior to 1.39.0, a crafted RESTORE payload triggers an out-of-bounds read in DragonflyDB's listpack collection loaders, crashing the entire server process (SIGSEGV). Because DragonflyDB requires no authentication by default and RESTORE is a normal keyspace command, an unauthenticated remote attacker can crash the server with a single ~24-byte command — a remote, repeatable denial of service. This vulnerability is fixed in 1.39.0. | ||||
| CVE-2025-52935 | 1 Dragonflydb | 1 Dragonfly | 2026-04-15 | N/A |
| Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18. | ||||
| CVE-2025-26269 | 1 Dragonflydb | 1 Dragonfly | 2025-07-11 | 3.3 Low |
| DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer. | ||||
| CVE-2025-26268 | 1 Dragonflydb | 1 Dragonfly | 2025-04-25 | 3.3 Low |
| DragonflyDB Dragonfly before 1.27.0 allows authenticated users to cause a denial of service (daemon crash) via a crafted Redis command. The validity of the scan cursor was not checked. | ||||
Page 1 of 1.