Description
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
A flaw was found in the Redis package. If a replica sends a SET command to its master during a failover, the master crashes on assertion.
Report
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-617: Reachable Assertion vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. Red Hat enforces strict input validation to ensure all user-supplied data conforms to expected formats and boundaries, reducing the likelihood that malformed input could trigger unintended application states. Assertions and other insecure constructs are identified through static code analysis and peer reviews, and are excluded from production builds to prevent exposure of internal logic or disruption of system behavior. Error-handling routines ensure that invalid conditions are managed gracefully without causing unpredictable behavior or system instability. Additionally, system components are designed to fail in a known, controlled state, minimizing the risk and impact of reachable assertion conditions in the environment.
Affected packages
| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Affected | ||
| Red Hat Enterprise Linux 8 | redis:6/redis | Will not fix | ||
| Red Hat Enterprise Linux 9 | redis | Not affected | ||
| Red Hat Fuse 7 | redis | Will not fix | ||
| Red Hat OpenStack Platform 16.1 | openstack-redis-base-container | Not affected | ||
| Red Hat OpenStack Platform 16.1 | openstack-redis-container | Will not fix | ||
| Red Hat OpenStack Platform 17.0 | openstack-redis-container | Not affected | ||
Additional information
CVSS3: 5.9 Medium
Related vulnerabilities
Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.