Published: 01/03/2023 Updated: 07/11/2023

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 0

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redis redis

Redis is an in-memory database that persists on disk Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic The problem is fixed in Redis versions 708, 629 and 6017 ...

DescriptionA vulnerability was found in Redis This flaw allows an authenticated to use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU timeA vulnerability was found in Redis This flaw allows an authenticated to use stri ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-407 https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 https://nvd.nist.gov https://alas.aws.amazon.com/AL2/ALASREDIS6-2023-001.html https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11

CVE-2022-36021

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect