Описание
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A flaw was found in Redis. This flaw allows an authenticated attacker with sufficient privileges to create a malformed ACL selector that triggers a server panic and subsequent denial of service when accessed.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Will not fix | ||
| Red Hat Discovery | discovery-server-container | Not affected | ||
| Red Hat Enterprise Linux 8 | redis:6/redis | Will not fix | ||
| Red Hat Enterprise Linux 9 | redis | Will not fix | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Affected | ||
| Red Hat Enterprise Linux 9 | redis | Fixed | RHSA-2024:10869 | 05.12.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An ...
Уязвимость системы управления базами данных Redis, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.4 Medium
CVSS3