6164 – [Anolis OS 23] Bugfix for CVE-2022-36021

Bug 6164 - [Anolis OS 23] Bugfix for CVE-2022-36021

Summary: [Anolis OS 23] Bugfix for CVE-2022-36021

Status:	RESOLVED INVALID

Alias:	None

Product:	Anolis OS 23
Classification:	Anolis OS
Component:	BaseOS Packages (show other bugs)	BaseOS Packages
Sub Component:
Version:	unspecified
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	happy_orange
QA Contact:	bolong_tbl

URL:
Whiteboard:
Keywords:	CVE

Depends on:
Blocks:

Reported:	2023-08-15 16:03 UTC by 小龙
Modified:	2023-09-07 13:36 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 小龙 admin

2023-08-15 16:03:43 UTC

Description:
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.

Broken commit info:

Bugfix commit info:
https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84
https://github.com/gentoo/gentoo/pull/29860

Comment 1 扣肉 2023-09-05 19:19:34 UTC

Anolis 23 自带 redis 7.0.11，不受此 CVE 危害。

Comment 2 扣肉 2023-09-07 13:36:06 UTC

Anolis 23 自带 redis 7.0.11，不受此 CVE 危害。