Описание
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| redis | fixed | 5:7.0.15-2 | package | |
| redis | fixed | 5:7.0.15-1~deb12u2 | bookworm | package |
| redis | not-affected | bullseye | package | |
| redict | fixed | 7.3.1+ds-1 | package | |
| valkey | fixed | 8.0.1+dfsg1-1 | package |
Примечания
https://github.com/redis/redis/security/advisories/GHSA-38p4-26x2-vqhh
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a (7.2.6)
https://github.com/valkey-io/valkey/pull/1114
https://github.com/valkey-io/valkey/commit/4fbab5740bfef66918d6c2950dd2b3b4e07815a2 (8.0.1)
EPSS
Связанные уязвимости
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Уязвимость системы управления базами данных Redis, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS