CVSS3 | Value |
---|---|
Score | 8.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CVSS2 | Value |
---|---|
Score | 9 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |

EPSS | Value |
---|---|
Score | 0.007 Low |
Percentile | 79.4% |
Redis is an open source, in-memory database that persists on disk. The
redis-cli command line tool and redis-sentinel service may be vulnerable to
integer overflow when parsing specially crafted large multi-bulk network
replies. This is a result of a vulnerability in the underlying hiredis
library which does not perform an overflow check before calling the
calloc() heap allocation function. This issue only impacts systems with
heap allocators that do not perform their own overflow checks. Most modern
systems do and are therefore not likely to be affected. Furthermore, by
default redis-sentinel uses the jemalloc allocator which is also not
vulnerable. The problem is fixed in Redis versions 6.2.6, 6.0.16 and
5.0.14.
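The missing check the description refers to, shown as an added illustration written for this page rather than code from hiredis or Redis: the element count of a multi-bulk header is parsed with its own wrap check, and the reply array allocation refuses any count whose byte size would overflow `size_t` instead of relying on `calloc()` to detect the product overflow. The function names, the `reply_elem` type and the sample header strings are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parser's reply element structure. */
typedef struct reply_elem { int type; } reply_elem;

/* Does count * elem_size wrap size_t? This is the check a reviewer looks for
   in front of any calloc()/malloc() of an attacker-controlled element count. */
int would_wrap(uint64_t count, size_t elem_size) {
    return elem_size != 0 && count > SIZE_MAX / elem_size;
}

/* Parse a decimal element count from a multi-bulk header such as "*3\r\n".
   Returns 0 on success, -1 on malformed input or on a count that does not
   fit in uint64_t. Hypothetical helper; not the hiredis parser. */
int parse_multibulk_count(const char *line, size_t len, uint64_t *out) {
    if (len < 2 || line[0] != '*') return -1;
    uint64_t n = 0;
    size_t i = 1;
    for (; i < len && line[i] >= '0' && line[i] <= '9'; i++) {
        unsigned d = (unsigned)(line[i] - '0');
        if (n > (UINT64_MAX - d) / 10) return -1;   /* n * 10 + d would wrap */
        n = n * 10 + d;
    }
    /* require at least one digit and exactly "\r\n" as the terminator */
    if (i == 1 || i + 2 != len || line[i] != '\r' || line[i + 1] != '\n') return -1;
    *out = n;
    return 0;
}

/* Allocate an array of `count` element pointers. Refuses with EOVERFLOW when
   the byte size would wrap, even if the platform calloc() would catch it too;
   ENOMEM when the allocator itself fails. */
reply_elem **alloc_reply_array(uint64_t count) {
    if (would_wrap(count, sizeof(reply_elem *))) { errno = EOVERFLOW; return NULL; }
    reply_elem **arr = calloc((size_t)count, sizeof(reply_elem *));
    if (arr == NULL) errno = ENOMEM;
    return arr;
}

/* Parse a header and allocate its array; the size check sits between the two. */
reply_elem **reply_array_from_header(const char *line, size_t len, uint64_t *count_out) {
    uint64_t n;
    if (parse_multibulk_count(line, len, &n) != 0) { errno = EINVAL; return NULL; }
    *count_out = n;
    return alloc_reply_array(n);
}

int main(void) {
    /* constructed sample headers: a small array and an absurdly large count */
    const char *ok = "*3\r\n";
    const char *huge = "*18446744073709551615\r\n";   /* UINT64_MAX elements */
    uint64_t count = 0;
    reply_elem **a = reply_array_from_header(ok, strlen(ok), &count);
    printf("small header: %s (%llu elements)\n", a ? "allocated" : "refused",
           (unsigned long long)count);
    free(a);
    reply_elem **b = reply_array_from_header(huge, strlen(huge), &count);
    printf("huge header: %s (errno %d)\n", b ? "allocated" : "refused", errno);
    free(b);
    return 0;
}
```

`would_wrap` compares against `SIZE_MAX / elem_size` rather than computing the product, so it is correct on both 32- and 64-bit targets; the division happens once per allocation and costs nothing measurable against the network read that precedes it.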
Author | Note |
---|---|
seth-arnold | this appears to be about systems with a non-functional calloc() call. This feels like it should be a bug report about those allocator libraries with a broken calloc() instead. I assume this is not actually applicable to anything we ship. |