CVE-2023-22458

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22458
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22458.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-22458
Aliases
Downstream
Related
Published
2023-01-20T18:19:24Z
Modified
2025-10-16T09:27:54.275804Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Integer overflow in multiple Redis commands can lead to denial-of-service
Details

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
445aa844b946a8f1bc21ac8554b44adb1ecb4018
Fixed
137696d80811c25b918f7f543bcbe8c9c142f49d
Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc
Fixed
1c75ab062d0cb1f3af57e39a399325b9e917e85f

Affected versions

6.*

6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8

7.*

7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7