Home > Vulnerability Database > CVE-2023-22458

Mend.io Vulnerability Database

CVE-2023-22458

Good to know:

Date: January 20, 2023

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: C

Severity Score

5.5

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-22458

Url: https://security-tracker.debian.org/tracker/CVE-2023-22458

Url: https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj

Url: https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02

Url: https://github.com/redis/redis/releases/tag/6.2.9

Url: https://github.com/redis/redis/releases/tag/7.0.8

Url: https://access.redhat.com/security/cve/CVE-2023-22458

Url: https://www.mend.io/vulnerability-database/CVE-2023-22458

Severity Score

5.5

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version 6.2.9,7.0.8

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-22458

Good to know:

Date: January 20, 2023

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?