CVSS3: 3.6 Low
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.0004 Low
Percentile: 10.6%
libredis.so is vulnerable to a race condition. The vulnerability allows an attacker to gain unauthorized access to a Redis server by exploiting a race condition that occurs when the server is starting up. The attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Redis server, which would cause the server to create a new socket file with insecure permissions. The attacker could then connect to this socket file and gain unauthorized access to the server.
github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1
github.com/redis/redis/pull/12671
github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
lists.debian.org/debian-lts-announce/2023/10/msg00032.html
lists.fedoraproject.org/archives/list/[email protected]/message/464JPNBWE433ZGYXO3KN72VR3KJPWHAW/
lists.fedoraproject.org/archives/list/[email protected]/message/BNEK2K4IE7MPKRD6H36JXZMJKYS6I5GQ/
lists.fedoraproject.org/archives/list/[email protected]/message/DZMGTTV5XM4LA66FSIJSETNBBRRPJYOQ/
security.netapp.com/advisory/ntap-20231116-0014/