
Advisory ROSA-SA-2023-2174

2023-06-27 07:49:03
ROSA LAB
abf.rosalinux.ru

6.5 Medium (CVSS3)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

4 Medium (CVSS2)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

0.002 Low (EPSS)
Percentile: 52.7%

software: redis 7.0.11
OS: ROSA-CHROME

package_evr_string: redis-7.0.11-1.src.rpm

CVE-ID: CVE-2022-35977
BDU-ID: 2023-00695
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Redis database management system (DBMS) is related to an integer overflow during object processing. Exploitation of the vulnerability could allow an attacker to cause a denial of service via the SETRANGE and SORT/SORT_RO commands.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2022-36021
BDU-ID: 2023-01308
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Redis database management system (DBMS) is related to insufficient control over internal resource consumption when the SCAN or KEYS commands match keys against a specially crafted pattern. Exploitation of the vulnerability could allow an attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2022-3647
BDU-ID: 2022-06489
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Crash Report component of the Redis database management system, in the function sigsegvHandler of the file debug.c, is related to improper release of resources. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2023-22458
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Redis is an in-memory database that persists on disk. Authenticated users can execute the HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial of service by crashing Redis with an assertion failure. This issue affects Redis versions 6.2 and newer up to, but not including, 6.2.9, and versions 7.0 up to, but not including, 7.0.8.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2023-25155
BDU-ID: 2023-01740
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Redis database management system is related to an integer overflow affecting a memory buffer. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service via the SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2023-28856
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Redis is an open source, in-memory database that persists on disk. Authenticated users could use the HINCRBYFLOAT command to create an invalid hash field, which causes Redis to crash when that field is accessed in affected versions. This issue has been fixed in versions 7.0.11, 6.2.12, and 6.0.19.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update redis

OS   | Version | Architecture | Package | Version  | Filename
ROSA | any     | noarch       | redis   | < 7.0.11 | UNKNOWN
