5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like SCAN
or KEYS
) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
CPE | Name | Operator | Version |
---|---|---|---|
redis | eq | 2.2-alpha6 | |
redis | eq | with-deprecated-diskstore | |
redis | eq | 1.3.6 | |
redis | eq | 1.3.8 | |
redis | eq | 2.2-alpha5 | |
redis | eq | 2.2.0-rc1 | |
redis | eq | 2.2-alpha1 | |
redis | eq | 2.0.0-rc1 | |
redis | eq | 1.3.11 | |
redis | eq | 3.0-alpha0 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%