Exploit Report

Computer Security And Bug Information

CVE-2022-36021

CVE: CVE-2022-36021
CVE Ordinal Value: 241782
Published Date: 2023-03-01T16:15Z
Modified Date: 2023-03-09T01:07Z
CWE Type: CWE-407
CVSS 3.x: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Description: Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
References
Reference URL: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
Reference Description: MISC https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv
Reference URL: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
Reference Description: MISC https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
Tags: Vendor Advisory
Sources: NIST, MITRE
