Описание
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 5:7.0.15-1build2 |
| esm-apps/bionic | released | 5:4.0.9-1ubuntu0.2+esm4 |
| esm-apps/focal | released | 5:5.0.7-2ubuntu0.1+esm2 |
| esm-apps/jammy | released | 5:6.0.16-1ubuntu1+esm1 |
| esm-apps/noble | not-affected | 5:7.0.12-1 |
| esm-apps/xenial | released | 2:3.0.6-1ubuntu0.4+esm2 |
| esm-infra-legacy/trusty | released | 2:2.8.4-2ubuntu0.2+esm3 |
| focal | ignored | end of standard support, was needed |
| jammy | needed |
Показывать по
Ссылки на источники
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
Integer Overflow in several Redis commands can lead to denial of service.
Redis is an in-memory database that persists on disk. Authenticated us ...
Уязвимость системы управления баз данных Redis, связанная с целочисленным переполнением буфера памяти, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.5 Medium
CVSS3