It was discovered that there was a potential remote denial of service vulnerability in Redis, a popular key-value database.
Authenticated users could have used string matching commands (like
SCAN
or KEYS
) with a specially crafted pattern to
trigger a denial-of-service attack, causing it to hang and consume 100% CPU
time.
SCAN
or KEYS
) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.For Debian 10 Buster, this problem has been fixed in version 5:5.0.14-1+deb10u3.
We recommend that you upgrade your redis packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS