Description
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
Packages
| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| redict | fixed | 7.3.5+ds-1 | | package |
| redis | fixed | 5:8.0.2-2 | | package |
| valkey | fixed | 8.1.1+dfsg1-3 | | package |
Notes
https://codeberg.org/redict/redict/issues/105
https://github.com/redis/redis/security/advisories/GHSA-4q32-c38c-pwgq
Fixed by: https://github.com/redis/redis/commit/bde62951accfc4bb0a516276fd0b4b307e140ce2 (8.0.3)
https://github.com/valkey-io/valkey/pull/2315
Fixed by: https://github.com/valkey-io/valkey/commit/cb10d9d78f35945b667e46967b3980e89954d73b
Related vulnerabilities
Redis DoS Vulnerability due to bad connection error handling
A vulnerability in the Redis database management system (DBMS) server related to unrestricted resource allocation, allowing an attacker to cause a denial of service