BIT-redis-2023-22458

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/redis/BIT-redis-2023-22458.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-redis-2023-22458
Aliases
Published
2024-03-06T11:04:43.276Z
Modified
2024-08-23T07:12:38.581968Z
Summary
[none]
Details

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / redis

Package

Name
redis
Purl
pkg:bitnami/redis

Severity

  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
6.2.0
Fixed
6.2.9
Introduced
7.0.0
Fixed
7.0.8