Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM
command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.
{ "ubuntu_priority": "medium", "binaries": [ { "binary_name": "redis", "binary_version": "5:7.0.12-1" }, { "binary_name": "redis-sentinel", "binary_version": "5:7.0.12-1" }, { "binary_name": "redis-server", "binary_version": "5:7.0.12-1" }, { "binary_name": "redis-tools", "binary_version": "5:7.0.12-1" }, { "binary_name": "redis-tools-dbgsym", "binary_version": "5:7.0.12-1" } ], "availability": "No subscription required" }