Description
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
The Redis command line tool 'redis-cli' is vulnerable to a buffer overflow through the -h (host) command line parameter. The redis-cli may be used by other services; if these services do not adequately filter the host input it could lead to code execution with the privilege level of that service.
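For a service that passes a host value on to redis-cli, the filtering mentioned above can look like the following. This is an added example, not code from Redis or from this advisory; the function names `validate_host` and `build_redis_cli_argv` and the 253-character limit (the DNS name length limit) are assumptions of the example, and it complements upgrading to a fixed release rather than replacing it.

```python
import ipaddress
import re

MAX_HOST_LEN = 253  # longest DNS name in text form (assumed limit for this example)
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")  # no shell, scope-id or control characters
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")  # one DNS label, no edge '-'


def validate_host(host):
    """Return host if it is an IP literal or DNS hostname; raise ValueError otherwise."""
    if not isinstance(host, str) or not host:
        raise ValueError("host must be a non-empty string")
    if len(host) > MAX_HOST_LEN:
        raise ValueError("host exceeds %d characters" % MAX_HOST_LEN)
    if not _ALLOWED.fullmatch(host):
        raise ValueError("host contains characters outside [A-Za-z0-9.:-]")
    try:
        ipaddress.ip_address(host)  # IPv4 or IPv6 literal
        return host
    except ValueError:
        pass
    name = host[:-1] if host.endswith(".") else host  # allow one trailing root dot
    if not all(_LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError("host is not a valid DNS hostname")
    return host


def build_redis_cli_argv(host, port=6379, command=("PING",)):
    """Build an argv list for subprocess.run(argv) (no shell) with a validated -h value."""
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return ["redis-cli", "-h", validate_host(host), "-p", str(port), *command]


if __name__ == "__main__":
    # Constructed sample inputs: one normal name and several that must be rejected.
    for candidate in ["cache01.internal", "A" * 5000, "-h", "host;id"]:
        try:
            print(build_redis_cli_argv(candidate))
        except ValueError as exc:
            print("rejected:", exc)
```

Rejecting labels that start with `-` also keeps the host value from being read as another redis-cli option.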
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Ceph Storage 3 | grafana | Not affected | | |
| Red Hat Enterprise Linux 8 | redis | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | redis | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | redis | Will not fix | | |
| Red Hat Mobile Application Platform 4 | rhmap-redis-docker | Not affected | | |
| Red Hat OpenStack Platform 12 (Pike) | redis | Fix deferred | | |
| Red Hat OpenStack Platform 8 (Liberty) | redis | Fix deferred | | |
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | redis | Fix deferred | | |
| Red Hat OpenStack Platform 9 (Mitaka) | redis | Fix deferred | | |
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | redis | Fix deferred | | |
Additional information
Status:
3.3 Low
CVSS3
Related vulnerabilities
A vulnerability in the redis-cli interface of the Redis database management system (DBMS) that allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service