漏洞标题
在 Windows dbghelp.dll 中不受控制搜索路径的 Redis
漏洞描述信息
Windows上的Redis dbghelp.dll不受控制的搜索路径
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Redis on Windows dbghelp.dll uncontrolled search path
漏洞描述信息
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
不可信的搜索路径
漏洞标题
Redis Labs Redis 代码问题漏洞
漏洞描述信息
Redis Labs Redis是美国Redis Labs公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis存在代码问题漏洞,该漏洞源于C:/Program Files/Redis/dbghelp.dll中的未知代码导致搜索路径不受限。
CVSS信息
N/A
漏洞类别
代码问题