Описание
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue an HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial of service by crashing Redis with an assertion failure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Not affected | ||
| Red Hat Enterprise Linux 8 | redis | Will not fix | ||
| Red Hat Enterprise Linux 9 | redis | Will not fix | ||
| Red Hat Fuse 7 | redis | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | redis | Out of support scope | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Will not fix | ||
| Red Hat Satellite 6 | satellite:el8/rubygem-gitlab-sidekiq-fetcher | Not affected | ||
| Red Hat Satellite 6 | tfm-rubygem-gitlab-sidekiq-fetcher | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Integer overflow in multiple Redis commands can lead to denial-of-service
Redis is an in-memory database that persists on disk. Authenticated us ...
Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3