PT-2023-12146 · Redis+2 · Redis+2
Zer0E
·
Publicado
2023-07-15
·
Atualizado
2024-08-22
·
CVE-2021-31294
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Redis versions prior to 6.2
Redis versions prior to 6cbea7d
Description
The issue allows a replica to cause an assertion failure in a primary server by sending a non-administrative command, specifically a SET command. This was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.
Recommendations
For Redis versions prior to 6.2, update to version 6.2 or later to resolve the issue.
For Redis versions prior to 6cbea7d, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of the SET command from replicas to minimize the risk of exploitation.
Exploit
Correção
Assertion Failure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Debian
Redis