CVE-2023-22458
Integer overflow in multiple Redis commands can lead to denial-of-service
In short
Redis can crash when an authenticated user sends specially crafted `HRANDFIELD` or `ZRANDMEMBER` commands, causing the database to stop working temporarily. This affects Redis 6.2 and 7.0 versions, so administrators should update to patched versions.
Technical detail
An integer overflow in the `HRANDFIELD` and `ZRANDMEMBER` commands allows authenticated users to trigger an assertion failure that crashes the Redis process. Exploitation requires valid authentication; affected releases are Redis 6.2.0–6.2.8 and 7.0.0–7.0.7, and the result is a denial of service when the failed assertion aborts the server.
Summary generated and translated by AI from the official description.
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
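Since the only remedy is upgrading, the practical check is whether a given instance falls inside the affected ranges. The following Python script is an added example, not part of this advisory or of the Redis project: it reads the `redis_version` field from `INFO server` output and compares it against the ranges stated above (6.2.0 up to but not including 6.2.9, 7.0.0 up to but not including 7.0.8). The `SAMPLE_INFO` text is constructed for illustration, and the function names are this example's own.

```python
import re

# Affected ranges taken from the advisory text: [6.2.0, 6.2.9) and [7.0.0, 7.0.8).
AFFECTED_RANGES = (
    ((6, 2, 0), (6, 2, 9)),
    ((7, 0, 0), (7, 0, 8)),
)

# First fixed release in each affected line (from the advisory: 6.2.9 and 7.0.8).
FIXED_RELEASES = {
    (6, 2): "6.2.9",
    (7, 0): "7.0.8",
}

# Constructed sample of `redis-cli INFO server` output; not captured from a real host.
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_version:7.0.5\r\n"
    "redis_git_sha1:00000000\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 5.15.0 x86_64\r\n"
)


def parse_version(text):
    """Turn a 'major.minor.patch' string into a comparable integer tuple."""
    match = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised Redis version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def version_from_info(info_text):
    """Extract redis_version from INFO output (lines are CRLF-terminated)."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return parse_version(line.split(":", 1)[1])
    raise ValueError("redis_version field not found in INFO output")


def is_affected(version):
    """True if the version lies in an affected range (tuple or 'x.y.z' string)."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    return any(low <= v < high for low, high in AFFECTED_RANGES)


def assess(info_text):
    """Summarise exposure for one instance from its INFO server output."""
    v = version_from_info(info_text)
    affected = is_affected(v)
    fixed = FIXED_RELEASES.get(v[:2]) if affected else None
    return {
        "version": ".".join(map(str, v)),
        "affected": affected,
        # Upgrade target is only meaningful for an affected 6.2.x or 7.0.x instance.
        "upgrade_to": fixed,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_INFO)
    status = "AFFECTED" if result["affected"] else "not affected"
    print(f"Redis {result['version']}: {status}")
    if result["upgrade_to"]:
        print(f"Upgrade to {result['upgrade_to']} or later")
```

To run it against a live instance, feed the script the output of `redis-cli INFO server` instead of `SAMPLE_INFO`. The comparison is done on integer tuples rather than on strings, so `6.2.10` would correctly sort above `6.2.9` instead of between `6.2.1` and `6.2.2`.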
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
redis · redis