CVE-2023-22458


Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.


  • Published: 2023-01-20T19:15:17.917
  • Last Modified: 2024-11-21T07:44:50.810
  • Status: Modified
  • Source: [email protected]
  • Severity: CVSSv3.1: 5.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-190
  • Type: Primary
    CWE-190

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|------|--------|---------|---------------|-------------|
| Application | redis | redis | < 6.2.9 | Yes |
| Application | redis | redis | < 7.0.8 | Yes |
