漏洞信息详情
Redis Labs Redis 输入验证错误漏洞
漏洞简介
Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。
Redis 存在输入验证错误漏洞,该漏洞源于针对大型intsets的COPY命令中存在整数溢出。远程攻击者可利用该漏洞可以将专门设计的数据传递给应用程序,触发整数溢出,并在目标系统上执行任意代码。以下产品和版本的影响:Redis: 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.6.12, 2.6.13, 2.6.14, 2.6.15, 2.6.16, 2.6.17, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.8.13, 2.8.14, 2.8.15, 2.8.16, 2.8.17, 2.8.18, 2.8.19, 2.8.20, 2.8.21, 2.8.22, 2.8.23, 2.8.24, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.2.10, 3.2.11, 3.2.12, 3.2.13, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.2.0, 6.2.1, 6.2.2。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:
https://redis.io/
参考网址
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/EZJ6JGQ2ETZB2DWTQSGCOGG7EF3ILV4V/
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/BPWBIZXA67JFIB63W2CNVVILCGIC2ME5/
来源:CONFIRM
链接:https://github.com/redis/redis/security/advisories/GHSA-qh52-crrg-44g3
来源:MISC
链接:https://redis.io/
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-29478
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021070902
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021050401
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-29478
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.1750
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2657
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163447/Gentoo-Linux-Security-Advisory-202107-20.html
受影响实体
暂无
补丁
- Redis Labs Redis 输入验证错误漏洞的修复措施<!--2021-5-4-->
还没有评论,来说两句吧...