REDIS ON WINDOWS DBGHELP.DLL UNCONTROLLED SEARCH PATH


Apoorv Verma

Nov 15, 2022, 12:38:40 AM
to Redis DB

Hello Experts,

A vulnerability was found in Redis on Windows (the affected version is unknown). It has been declared as critical.

This vulnerability affects an unknown functionality in the library C:/Program Files/Redis/dbghelp.dll. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-427.

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 10/28/2022. The advisory is shared for download at cnblogs.com.

Refer to https://vuldb.com/?id.212416 for more details.

Please let us know about the impact of the issue and by when and in which version this issue can be expected to get fixed?

Best Regards,
Apoorv
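
An added example, not part of the original post and not Redis project code: for a CWE-427 report like the one above, a first defensive check is whether any non-administrative principal can write to the directory the DLL is loaded from. The sketch parses `icacls` output for the install directory named in the post; the sample output, the trusted-principal list and the function name `risky_aces` are constructed assumptions.

```python
import re

# Assumption: principals that may legitimately hold write access to an install dir.
TRUSTED = {
    "NT AUTHORITY\\SYSTEM",
    "BUILTIN\\Administrators",
    "NT SERVICE\\TrustedInstaller",
}
# icacls right codes that allow adding or replacing files in a directory,
# or rewriting its ACL or owner.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA", "WDAC", "WO"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^()]*\))+)$")

# Constructed sample of `icacls "C:\Program Files\Redis"` output (not from the post).
SAMPLE = r"""C:\Program Files\Redis NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                       BUILTIN\Administrators:(OI)(CI)(F)
                       BUILTIN\Users:(OI)(CI)(RX)
                       NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
                       CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files"""


def risky_aces(icacls_output, directory):
    """Return (principal, rights) pairs letting an untrusted principal write to directory."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(directory.lower()):
            line = line[len(directory):].strip()  # first line carries the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" summary
        groups = re.findall(r"\(([^()]*)\)", m.group("groups"))
        # Deny ACEs grant nothing; inherit-only ACEs apply to children, not
        # to the directory itself, so neither allows dropping a file here.
        if "DENY" in groups or "IO" in groups:
            continue
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS:
                rights.update(r.strip() for r in g.split(","))
        hit = rights & WRITE_RIGHTS
        if hit and m.group("who") not in TRUSTED:
            findings.append((m.group("who"), sorted(hit)))
    return findings


if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, r"C:\Program Files\Redis"):
        print(f"write access for {who}: {','.join(rights)}")
```

An empty result for the real directory means only the trusted principals can place or replace a DLL there; any finding is an ACL to tighten regardless of when a fixed build ships.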
