1911331 – (CVE-2020-35668) CVE-2020-35668 redisgraph: NULL pointer dereference because it mishandles an unquoted string

Bug 1911331 (CVE-2020-35668) - CVE-2020-35668 redisgraph: NULL pointer dereference because it mishandles an unquoted string

Summary: CVE-2020-35668 redisgraph: NULL pointer dereference because it mishandles an ...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2020-35668
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1912620
Blocks:	1911332
TreeView+	depends on / blocked

Reported:	2020-12-28 18:19 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-10-28 05:04 UTC (History)
CC List:	6 users (show)
Fixed In Version:	redisgraph 2.2.12
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-28 05:04:35 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-12-28 18:19:10 UTC

RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced.

Reference:
https://github.com/RedisGraph/RedisGraph/issues/1502

Upstream patch:
https://github.com/RedisGraph/RedisGraph/pull/1503

Note You need to log in before you can comment on or make changes to this bug.