Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
No reference.
Mon, 04 Nov 2024 07:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Redis 2.60 through 7.41 allows a denial of service (memory consumption) when authentication is enabled because "client-output-buffer-limit normal" has no limit, and an attacker can send requests without a password (which results in a "NOAUTH Authentication required" response). NOTE: this is disputed by third parties because Redis is not intended for use with untrusted clients. | DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| References |
|
Mon, 04 Nov 2024 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Redis 2.60 through 7.41 allows a denial of service (memory consumption) when authentication is enabled because "client-output-buffer-limit normal" has no limit, and an attacker can send requests without a password (which results in a "NOAUTH Authentication required" response). NOTE: this is disputed by third parties because Redis is not intended for use with untrusted clients. | |
| References |
|
Subscriptions
No data.
Status: REJECTED
Assigner: mitre
Published:
Updated: 2024-11-04T06:48:44.428Z
Reserved: 2024-10-08T00:00:00.000Z
Link: CVE-2024-48342
No data.
Status : Rejected
Published: 2024-11-04T07:15:11.437
Modified: 2024-11-04T07:15:11.437
Link: CVE-2024-48342
No data.
OpenCVE Enrichment
No data.
No weakness.