Описание
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
A flaw was found in the Redis server. An authenticated attacker with sufficient privileges can create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service.
Отчет
This vulnerability affects Redis versions 7.0.0 or newer.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9 | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Not affected | ||
| Red Hat Discovery 1 | discovery-server-container | Not affected | ||
| Red Hat Enterprise Linux 8 | redis:6/redis | Not affected | ||
| Red Hat Enterprise Linux 9 | redis | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-amd-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-azure-amd-rhel9 | Not affected | ||
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/instructlab-amd-rhel9 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Redis is an open source, in-memory database that persists on disk. An ...
Уязвимость системы управления базами данных Redis, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.4 Medium
CVSS3