Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RedisTimeSeries Integer Overflow Remote Code Execution Vulnerability
Vulnerability Description
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
RedisTimeSeries 安全漏洞
Vulnerability Description
RedisTimeSeries是RedisTimeSeries开源的一个 Redis 的时间序列数据结构。 RedisTimeSeries存在安全漏洞,该漏洞源于经过身份验证的用户使用特制的命令参数执行TS.QUERYINDEX、TS.MGET、TS.MRAGE、TS.MREVRANGE命令之一可能会导致整数溢出和堆溢出,并导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A