Vulnerability identifier: #VU57034
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
Server applications / Database software
Vendor: Redis Labs
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing RESP request payloads with a large number of elements on many connections. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versions
Redis: 6.0.0 - 6.0.15, 6.2.0 - 6.2.5, 5.0.0 - 5.0.13
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?