Vulnerability CVE-2023-22458: Information

Description

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Published: Jan. 20, 2023
Modified: Feb. 2, 2023
Weakness type (CWE): CWE-190 (Integer Overflow or Wraparound)

Fixed packages

Package name | Branch           | Fixed in version | Version from repository | Errata ID          | Task # | State
redis        | sisyphus         | 7.0.12-alt1      | 7.2.4-alt1.1            | ALT-PU-2023-4982-3 | 327278 | Fixed
redis        | sisyphus_e2k     | 7.0.12-alt1      | 7.2.4-alt1.1            | ALT-PU-2023-5079-1 | -      | Fixed
redis        | sisyphus_riscv64 | 7.2.0-alt0.port  | 7.2.4-alt0.port         | ALT-PU-2023-5217-1 | -      | Fixed
redis        | p10              | 6.2.13-alt1      | 6.2.14-alt1             | ALT-PU-2023-5230-3 | 327639 | Fixed
redis        | p10_e2k          | 6.2.13-alt1      | 6.2.14-alt1             | ALT-PU-2023-5452-1 | -      | Fixed
redis        | c10f1            | 6.2.13-alt1      | 6.2.13-alt1             | ALT-PU-2023-5229-3 | 327640 | Fixed
redis        | c9f2             | 6.2.13-alt1      | 6.2.13-alt1             | ALT-PU-2023-5487-2 | 328853 | Fixed

Affected software configurations (CPE)

    1. Configuration 1

      cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
      Start including
      6.2.0
      End excluding
      6.2.9

      cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
      Start including
      7.0.0
      End excluding
      7.0.8
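The two version ranges above (start inclusive, end exclusive) are the whole test for whether a given Redis build is affected. The following script is an added example, not part of this advisory or of the Redis project: it extracts the first X.Y.Z triple from a version string (the `redis_version:` line of `INFO server`, the `redis-server --version` banner, or an RPM-style package version such as `6.2.13-alt1`) and reports whether it falls inside an affected range. The sample strings in `main()` are constructed for illustration.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the CPE configuration on this page:
# start version inclusive, end version exclusive.
AFFECTED_RANGES = (
    ((6, 2, 0), (6, 2, 9)),
    ((7, 0, 0), (7, 0, 8)),
)

# First dotted triple in the text. Works for "redis_version:7.0.7",
# "Redis server v=7.0.7 sha=..." and package versions like "6.2.13-alt1"
# (the "-alt1" release suffix is ignored; only the upstream version matters).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Return the first X.Y.Z triple found in text, or None if there is none."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Version) -> bool:
    """True if version lies in any affected range (tuple comparison is lexicographic)."""
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def check(text: str) -> Optional[bool]:
    """Convenience wrapper: None if no version could be parsed, else affected?"""
    version = parse_version(text)
    return None if version is None else is_affected(version)


def main() -> None:
    # Constructed sample inputs: INFO output, --version banner, and package versions
    # taken from the fixed-packages table on this page.
    samples = [
        "redis_version:7.0.7",
        "redis_version:7.0.8",
        "Redis server v=6.2.8 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=deadbeef",
        "6.2.13-alt1",
        "7.2.0-alt0.port",
        "5.0.14",
        "not a version string",
    ]
    for s in samples:
        result = check(s)
        status = "unparseable" if result is None else ("AFFECTED" if result else "not affected")
        print(f"{s!r:80} -> {status}")


if __name__ == "__main__":
    main()
```

Note that this only compares upstream version numbers; a distribution package such as `6.2.8-altN` that carries a backported fix would still be flagged, so cross-check against the errata table above for ALT packages.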