Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2015-4335 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | redis (Alpine package): Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU33828
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-4335
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
redis (Alpine package): 2.8.9-r2 - 2.8.17-r0
External links
http://git.alpinelinux.org/aports/commit/?id=616183cdf0ec0ca50add9ff8429f2fcf42f369bc
http://git.alpinelinux.org/aports/commit/?id=ce3b85c17869c6e4d324a05518b23856e650ae99
http://git.alpinelinux.org/aports/commit/?id=767c2e73ddbc57f6b6aa16649bf5a28473b043ee
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.