Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Redis: Bug in XACKDEL may lead to stack overflow and potential RCE
Vulnerability Description
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run the XACKDEL command with multiple ID's and trigger a stack buffer overflow, which may potentially lead to remote code execution. This issue is fixed in version 8.2.3. To workaround this issue without patching the redis-server executable is to prevent users from executing XACKDEL operation. This can be done using ACL to restrict XACKDEL command.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Redis 安全漏洞
Vulnerability Description
Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 8.2.0版本和8.2.3之前版本存在安全漏洞,该漏洞源于XACKDEL命令触发栈缓冲区溢出,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A