Описание
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| redis | fixed | 5:7.0.15-1 | package | |
| redis | not-affected | bullseye | package | |
| redis | not-affected | buster | package |
Примечания
Introduced with changes from: https://github.com/redis/redis/pull/11766 (which landed
in 7.2, but which also got backported to the 7.0. branch)
https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224 (7.0.15)
EPSS
Связанные уязвимости
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
EPSS