Ankki-Zsyang

**Name of the Vulnerable Software and Affected Versions** DragonflyDB Dragonfly versions prior to 1.27.0 **Description** The issue allows authenticated users to cause a denial of service, resulting in a daemon crash, by sending a crafted Redis command. The problem stems from the lack of validation of the scan cursor's validity. **Recommendations** For versions prior to 1.27.0, update to version 1.27.0 or later to resolve the issue. As a temporary workaround, consider restricting access to Redis commands to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Redis versions prior to 6.2.16, prior to 7.2.6, and prior to 7.4.1. Redis versions 6.2.16-alt1, 6.2.17-alt1, 7.2.10-alt1, 7.2.11-alt1. **Description** Redis is an in-memory database. An authenticated user can use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, potentially leading to remote code execution. The vulnerability exists in all versions of Redis with Lua scripting enabled. There are no known workarounds for this issue. **Recommendations** Upgrade Redis to version 6.2.16 or later. Upgrade Redis to version 7.2.6 or later. Upgrade Redis to version 7.4.1 or later. Upgrade Redis to version 6.2.16-alt1. Upgrade Redis to version 6.2.17-alt1. Upgrade Redis to version 7.2.10-alt1. Upgrade Redis to version 7.2.11-alt1.