发布于3月6日3月6日 Members SUSE: CVE-2022-35977: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/20/2023 Created 02/08/2023 Added 02/07/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-redis References https://attackerkb.com/topics/cve-2022-35977 CVE - 2022-35977
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。