RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.
References
Link | Resource |
---|---|
https://github.com/RedisGraph/RedisGraph/issues/1502 | Exploit Third Party Advisory |
https://github.com/RedisGraph/RedisGraph/pull/1503 | Patch Third Party Advisory |
Configurations
History
28 Dec 2020, 18:11
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redislabs:redisgraph:*:*:*:*:*:*:*:* | |
CWE | CWE-476 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References | (MISC) https://github.com/RedisGraph/RedisGraph/issues/1502 - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/RedisGraph/RedisGraph/pull/1503 - Patch, Third Party Advisory |
Information
Published : 2020-12-23 23:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35668
Mitre link : CVE-2020-35668
CVE.ORG link : CVE-2020-35668
JSON object : View
Products Affected
redislabs
- redisgraph
CWE
CWE-476
NULL Pointer Dereference