You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Authenticated users can use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.
Patches
The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Credit
The issue has been identified by Tom Levy.
For more information
If you have any questions or comments about this advisory:
Impact
Authenticated users can use string matching commands (like
SCAN
orKEYS
) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.Patches
The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Credit
The issue has been identified by Tom Levy.
For more information
If you have any questions or comments about this advisory: