CVE-2023-25155
- Source
- https://cve.org/CVERecord?id=CVE-2023-25155
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-25155.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-25155
- Aliases
-
- BIT-keydb-2023-25155
- BIT-redis-2023-25155
- BIT-valkey-2023-25155
- GHSA-x2r7-j9vw-3w83
- Downstream
- Related
- Published
- 2023-03-02T03:01:36.879Z
- Modified
- 2026-06-18T04:08:59.919953751Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Integer Overflow in several Redis commands can lead to denial of service.
- Details
-
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted
SRANDMEMBER,ZRANDMEMBER, andHRANDFIELDcommands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25155.json", "cwe_ids": [ "CWE-190" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/redis/redis/releases/tag/6.0.18
- https://github.com/redis/redis/releases/tag/6.2.11
- https://github.com/redis/redis/releases/tag/7.0.9
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25155.json
- https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
- https://nvd.nist.gov/vuln/detail/CVE-2023-25155
- https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619
Affected packages
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedFixed
- Database specific
{ "cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "source": [ "CPE_RANGE", "REFERENCES" ], "extracted_events": [ { "introduced": "0" }, { "fixed": "6.0.18" }, { "introduced": "6.2.0" }, { "fixed": "6.2.11" }, { "introduced": "7.0.0" }, { "fixed": "7.0.9" } ] }
Affected versions
1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
6.*
6.0-rc1
6.0-rc2
6.0-rc3
6.0-rc4
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.17
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.2.0
6.2.1
6.2.10
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7
7.0.8
v1.*
v1.3.10
v1.3.11
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen