Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-25155

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

Published

2023-03-02T04:15:10.807

Last Modified

2024-11-21T07:49:12.907

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190
Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redis	redis	< 6.0.18	Yes
Application	redis	redis	< 6.2.11	Yes
Application	redis	redis	< 7.0.9	Yes

References

https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 Patch ([email protected])
https://github.com/redis/redis/releases/tag/6.0.18 Release Notes ([email protected])
https://github.com/redis/redis/releases/tag/6.2.11 Release Notes ([email protected])
https://github.com/redis/redis/releases/tag/7.0.9 Release Notes ([email protected])
https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83 Vendor Advisory ([email protected])
https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/releases/tag/6.0.18 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/releases/tag/6.2.11 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/releases/tag/7.0.9 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)