CVE-2020-35668

Опубликовано: 21 дек. 2020

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Advanced Cluster Management for Kubernetes 2	redisgraph-tls	Fix deferred
Red Hat Advanced Cluster Management for Kubernetes 2	search-aggregator	Not affected
Red Hat Advanced Cluster Management for Kubernetes 2	search-api	Not affected
Red Hat Advanced Cluster Management for Kubernetes 2	acmesolver-container	Fixed	RHEA-2021:0729	04.03.2021
Red Hat Advanced Cluster Management for Kubernetes 2	acm-must-gather-container	Fixed	RHEA-2021:0729	04.03.2021
Red Hat Advanced Cluster Management for Kubernetes 2	acm-operator-bundle-container	Fixed	RHEA-2021:0729	04.03.2021
Red Hat Advanced Cluster Management for Kubernetes 2	application-ui-container	Fixed	RHEA-2021:0729	04.03.2021
Red Hat Advanced Cluster Management for Kubernetes 2	cainjector-container	Fixed	RHEA-2021:0729	04.03.2021
Red Hat Advanced Cluster Management for Kubernetes 2	cert-manager-controller-container	Fixed	RHEA-2021:0729	04.03.2021
Red Hat Advanced Cluster Management for Kubernetes 2	cert-manager-webhook-container	Fixed	RHEA-2021:0729	04.03.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20->CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1911331redisgraph: NULL pointer dereference because it mishandles an unquoted string

EPSS

Процентиль: 56%

0.00336

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-35668

CVSS3: 7.5

nvd

около 5 лет назад

RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.

GHSA-j5gx-c23h-6w7f

github

больше 3 лет назад

RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.

EPSS

Процентиль: 56%

0.00336

Низкий

7.5 High

CVSS3