Veracode Vulnerability DatabaseVERACODE:32382Denial Of Service (DoS)
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
Redis is vulnerable to denial of service. The vulnerability exists due to the debuggers protocol parser to read data beyond the actual buffer.
References
github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd
github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
lists.fedoraproject.org/archives/list/[email protected]/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
lists.fedoraproject.org/archives/list/[email protected]/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
lists.fedoraproject.org/archives/list/[email protected]/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.11/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
security.gentoo.org/glsa/202209-17
security.netapp.com/advisory/ntap-20211104-0003/
www.debian.org/security/2021/dsa-5001
www.oracle.com/security-alerts/cpuapr2022.html
Related
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N