Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Specially crafted CF.RESERVE command can lead to denial-of-service
Vulnerability Description
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
RedisBloom 安全漏洞
Vulnerability Description
RedisBloom是RedisBloom开源的一个库。为 Redis 添加了一组概率数据结构。 RedisBloom存在安全漏洞,该漏洞源于经过身份验证的用户可以使用特制的命令触发运行时断言并终止Redis服务器进程。
CVSS Information
N/A
Vulnerability Type
N/A