BIT-valkey-2023-22458

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/valkey/BIT-valkey-2023-22458.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-valkey-2023-22458
Aliases
Published
2024-08-22T19:42:35.050Z
Modified
2024-08-23T07:12:38.581968Z
Summary
[none]
Details

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / valkey

Package

Name
valkey
Purl
pkg:bitnami/valkey

Severity

  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
6.2.0
Fixed
6.2.9
Introduced
7.0.0
Fixed
7.0.8