Количество 12
Количество 12
CVE-2021-32628
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVE-2021-32628
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVE-2021-32628
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command.
CVE-2021-32628
Vulnerability in handling large ziplists
CVE-2021-32628
Redis is an open source, in-memory database that persists on disk. An ...
BDU:2021-04969
Уязвимость структуры данных ziplist системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код
RLSA-2021:3945
Important: redis:6 security update
RLSA-2021:3918
Important: redis:5 security update
ELSA-2021-3945
ELSA-2021-3945: redis:6 security update (IMPORTANT)
ELSA-2021-3918
ELSA-2021-3918: redis:5 security update (IMPORTANT)
openSUSE-SU-2021:3772-1
Security update for redis
SUSE-SU-2021:3772-1
Security update for redis
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-32628 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
 | CVE-2021-32628 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
 | CVE-2021-32628 Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
 | CVE-2021-32628 Vulnerability in handling large ziplists | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
| CVE-2021-32628 Redis is an open source, in-memory database that persists on disk. An ... | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
 | BDU:2021-04969 Уязвимость структуры данных ziplist системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
 | RLSA-2021:3945 Important: redis:6 security update | около 4 лет назад | ||
| RLSA-2021:3918 Important: redis:5 security update | около 4 лет назад | ||
| ELSA-2021-3945 ELSA-2021-3945: redis:6 security update (IMPORTANT) | около 4 лет назад | ||
| ELSA-2021-3918 ELSA-2021-3918: redis:5 security update (IMPORTANT) | около 4 лет назад | ||
 | openSUSE-SU-2021:3772-1 Security update for redis | около 4 лет назад | ||
| SUSE-SU-2021:3772-1 Security update for redis | около 4 лет назад |
Уязвимостей на страницу