| Summary | Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
|---|---|
| Publication Date | Oct. 8, 2024, 5:15 a.m. |
| Registration Date | Oct. 8, 2024, noon |
| Last Update | Oct. 10, 2024, 9:57 p.m. |

| Title | Vulnerability related to recursion control in Redis Ltd.'s Redis |
|---|---|
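| Summary | Redis Ltd.'s Redis contains a vulnerability related to recursion control. |
| Possible impacts | A denial-of-service (DoS) condition may be caused. |
| Solution | A vendor advisory or patch information has been published. Refer to the reference information and apply the appropriate countermeasures. |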
| Publication Date | Oct. 7, 2024, midnight |
| Registration Date | Sept. 9, 2025, 5:01 p.m. |
| Last Update | Sept. 9, 2025, 5:01 p.m. |

| No | Changed Details | Date of change |
|---|---|---|
| 1 | [September 9, 2025] Published | Sept. 9, 2025, 2:30 p.m. |