Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
`HINCRBYFLOAT` can be used to crash a redis-server process
Vulnerability Description
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
可达断言
Vulnerability Title
Redis 安全漏洞
Vulnerability Description
Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 7.0.0 到 7.0.10版本、6.2.0 到 6.2.11版本、6.0.0 到 6.0.18版本存在安全漏洞,该漏洞源于对用户提供的输入的验证不充分,攻击者利用该漏洞可以使用 HINCRBYFLOAT命令创建一个无效的哈希字段,这将使 Redis 在访问时崩溃。
CVSS Information
N/A
Vulnerability Type
N/A