Impact
Authenticated users can use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.
Patches
The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
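A version check against the fixed releases listed above, as an added example that is not part of the advisory or the Redis project's own code. It reads the `redis_version` field from `INFO server` output; the host names and sample outputs are constructed, and reporting branches the advisory does not name as `not-listed` is an assumption of this example.

```python
import re

# Fixed patch level per release branch, taken from the advisory text.
FIXED = {(6, 0): 18, (6, 2): 11, (7, 0): 9}

# INFO output uses CRLF line endings; \s* absorbs the trailing \r.
_VERSION_RE = re.compile(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", re.MULTILINE)


def parse_redis_version(info_text):
    """Extract (major, minor, patch) from `INFO server` output, or None."""
    match = _VERSION_RE.search(info_text)
    return tuple(int(g) for g in match.groups()) if match else None


def classify(info_text):
    """Return 'patched', 'needs-upgrade', 'not-listed' or 'unparseable'."""
    version = parse_redis_version(info_text)
    if version is None:
        return "unparseable"
    major, minor, patch = version
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # Assumption: the advisory names only three branches, so any other
        # branch is flagged for manual review instead of being guessed at.
        return "not-listed"
    return "patched" if patch >= fixed_patch else "needs-upgrade"


def audit(info_by_host):
    """Map each host name to its classification."""
    return {host: classify(text) for host, text in info_by_host.items()}


# Constructed sample `INFO server` outputs; host names are hypothetical.
SAMPLES = {
    "cache-a": "# Server\r\nredis_version:6.2.10\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:7.0.9\r\nredis_mode:standalone\r\n",
    "cache-c": "# Server\r\nredis_version:6.0.17\r\nredis_mode:cluster\r\n",
    "cache-d": "# Server\r\nredis_version:5.0.14\r\nredis_mode:standalone\r\n",
    "cache-e": "# Server\r\nredis_mode:standalone\r\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(f"{host}: {status}")
```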
Credit
The issue has been identified by Tom Levy.
For more information
If you have any questions or comments about this advisory: