Описание
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| redis | fixed | 5:7.0.9-1 | package |
Примечания
https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
https://github.com/redis/redis/commit/0825552565e5fdab2e87950579c4f0bedded3e3c (7.0.9)
EPSS
Связанные уязвимости
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Redis string pattern matching can be abused to achieve Denial of Service
Уязвимость системы управления базами данных (СУБД) Redis, связанная с недостаточным контролем потребления внутренних ресурсов при сопоставлении команд SCAN или KEYS со специально созданным шаблоном, позволяющая нарушителю вызвать отказ в обслуживании
EPSS