APP: Redis MSETNX command Denial of Service

This signature detects attempts to exploit a known vulnerability in Redis. A successful attack can result in a denial-of-service condition.

Extended Description

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

Affected Products

Redis redis

Short Name
APP:MISC:REDIS-MSETNX-DOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
CVE-2022-36021 CVE-2023-28425 Denial MSETNX Redis Service command of
Release Date
04/12/2023
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

Sigpack Version
3596
False Positive
Unknown
Vendors

Redis
