redis/redis-io

REDIS ON WINDOWS DBGHELP.DLL UNCONTROLLED SEARCH PATH

iav20 opened this issue · 0 comments

iav20 commented

A vulnerability was found in Redis on Windows (the affected version is unknown). It has been declared as critical.

This vulnerability affects an unknown functionality in the library C:/Program Files/Redis/dbghelp.dll. The manipulation with an unknown input leads to a privilege escalation vulnerability. The CWE definition for the vulnerability is CWE-427.

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 10/28/2022. The advisory is shared for download at cnblogs.com.

Refer to https://vuldb.com/?id.212416 for more details.

Please let us know about the impact of the issue and by when and in which version this issue can be expected to get fixed?

Best Regards,
Apoorv
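
The CWE-427 condition quoted in the report depends on whether a location in the search path can be written by accounts other than administrators. The following is an added example, not part of the original issue or the Redis project: a Python check that parses `icacls` output for the install directory and lists non-trusted principals holding write-type rights. The directory is taken from the path in the report; the sample ACL, the trusted-principal list and the function name `risky_aces` are constructed assumptions.

```python
import re

# Constructed sample of `icacls "C:\Program Files\Redis"` output (not from the report).
SAMPLE = r"""C:\Program Files\Redis NT SERVICE\TrustedInstaller:(I)(F)
                       NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                       BUILTIN\Administrators:(I)(OI)(CI)(F)
                       BUILTIN\Users:(I)(OI)(CI)(RX)
                       NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
                       BUILTIN\Users:(CI)(AD)

Successfully processed 1 files; Failed processing 0 files
"""

# Assumption: principals allowed to write to the install directory.
TRUSTED = {r"NT SERVICE\TRUSTEDINSTALLER", r"NT AUTHORITY\SYSTEM",
           r"BUILTIN\ADMINISTRATORS"}
# icacls inheritance markers, which are not access rights.
INHERIT = {"I", "OI", "CI", "IO", "NP"}
# icacls rights that allow creating, replacing or re-permissioning files.
WRITE = {"F", "M", "W", "D", "WD", "AD", "DC", "WDAC", "WO", "GW", "GA"}

ACE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")


def risky_aces(icacls_output, path):
    """Return (principal, rights) for allow ACEs giving untrusted write access."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        # The first ACE line is prefixed with the object path; drop it.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m["groups"]):
            tokens.update(t.strip() for t in group.split(","))
        if "DENY" in tokens or "N" in tokens:
            continue  # deny / no-access entries grant nothing
        rights = sorted((tokens - INHERIT) & WRITE)
        who = m["who"].strip()
        if rights and who.upper() not in TRUSTED:
            findings.append((who, rights))
    return findings


if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE, r"C:\Program Files\Redis"):
        print(f"{who} can write: {','.join(rights)}")
```

An empty result for the real directory means only the trusted principals can place or replace files such as dbghelp.dll there; any entry returned is an ACE to review and tighten.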