Description
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.
An out-of-bounds write flaw was found in RedisGraph, a module for the Redis server, due to improper code logic after a valid authentication. This issue may lead to arbitrary code execution.
Report
The default security model [1] for Redis servers dictates that deployments should be made in trusted environments and accessed by trusted clients. Therefore, using the default model, an attacker should only be able to trigger this vulnerability through adjacent networks after compromise of internal access controls.

[1] https://redis.io/docs/management/security/
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/redisgraph-tls-rhel8 | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
Vulnerability in the RedisGraph graph database caused by a memory operation writing outside the bounds of a buffer, allowing an attacker to execute arbitrary code