PT-2023-1718 · Redis+10
Tom Levy · Published 2023-02-28 · Updated 2025-10-21
CVE-2022-36021
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Redis versions prior to 6.0.18
Redis versions prior to 6.2.11
Redis versions prior to 7.0.9
Description
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

Recommendations
Update to Redis version 6.0.18 or later for versions prior to 6.0.18.
Update to Redis version 6.2.11 or later for versions prior to 6.2.11.
Update to Redis version 7.0.9 or later for versions prior to 7.0.9.
As a temporary workaround, consider restricting the use of SCAN and KEYS commands with specially crafted patterns until a patch is available.

Exploit
Fix
DoS
Integer Overflow
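To tell quickly whether a running instance is inside the affected ranges listed above, here is an added example script (not part of this advisory or of Redis itself) that reads the redis_version field from the text the INFO command returns, in the form redis-cli INFO server prints it, and compares it against the fix version of its own release line. The sample INFO text is constructed, and the handling of release lines the advisory does not name (older than 6.0.18 treated as affected, newer than 7.0.9 as fixed) is an assumption.

```python
"""Flag Redis servers whose version is in the CVE-2022-36021 affected ranges."""

# Fix versions per release line, as listed in the advisory above.
FIXED_VERSIONS = {(6, 0): (6, 0, 18), (6, 2): (6, 2, 11), (7, 0): (7, 0, 9)}

def parse_version(text: str) -> tuple[int, int, int]:
    """Turn a redis_version string such as '6.2.10' into (6, 2, 10)."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised redis_version: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch

def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix for its own release line."""
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_VERSIONS:
        return v < FIXED_VERSIONS[line]
    # Assumption for lines the advisory does not name (e.g. 5.x or 7.2.x):
    # older than the oldest fix is affected, newer than the newest fix is
    # not, and anything in between is treated as affected to stay conservative.
    if v < min(FIXED_VERSIONS.values()):
        return True
    if v > max(FIXED_VERSIONS.values()):
        return False
    return True

def redis_version_from_info(info: str) -> str:
    """Pull the redis_version field out of the text the INFO command returns."""
    for line in info.splitlines():
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("redis_version not found in INFO output")

def check_info(info: str) -> tuple[str, bool]:
    """Return (version, affected) for one INFO response."""
    version = redis_version_from_info(info)
    return version, is_vulnerable(version)

# Constructed sample of an INFO server response; not captured from a real host.
SAMPLE_INFO = "# Server\r\nredis_version:6.2.10\r\nredis_mode:standalone\r\n"

if __name__ == "__main__":
    import sys
    # Pipe `redis-cli INFO server` into the script, or fall back to the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INFO
    ver, affected = check_info(text)
    print(f"redis_version={ver} affected_by_CVE-2022-36021={affected}")
```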
Related identifiers
Affected products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Redis
Rocky Linux
Suse
Ubuntu