Denial of Service Vulnerability in Redis by RedisLabs
CVE-2023-31655

7.5HIGH

Key Information:

Vendor: Redis
Status: Redis
Vendor: CVE Published:; 18 May 2023

What is CVE-2023-31655?

A segmentation violation has been identified in Redis version 7.0.10, which may lead to a Denial of Service (DoS) condition. Attackers can exploit this vulnerability through unspecified vectors, potentially disrupting the service and causing significant downtime for applications relying on Redis for data caching and management. It is essential for users to be aware of this issue and apply the necessary updates to mitigate potential risks.

References

https://github.com/RedisLabs/redisraft/issues/608

https://security.netapp.com/advisory/ntap-20230616-0005/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2023
Vulnerability Reserved
Apr 29, 2023