Bug 2163132 (CVE-2023-22458)

Summary: CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aileenc, amackenz, amasferr, apevec, bbuckingham, bcoca, bcourt, bdettelb, chazlett, cwelton, davidn, eglynn, ehelms, epacific, gmalinko, gparvin, hhorak, janstey, jcammara, jhardy, jjoyce, jneedle, jobarker, jorton, jsherril, jwon, lhh, lzap, mabashia, mburns, mgarciac, mhulan, mkudlej, nathans, njean, nmoumoul, orabin, osapryki, owatkins, pahickey, pcreech, pdelbell, rchan, rcollet, redis-maint, rhos-maint, simaishi, smcdonal, spower, stcannon, teagle, tjochec, yguenane, zsadeh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: redis 6.2.9, redis 7.0.8 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue an `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial of service by crashing Redis with an assertion failure.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2163168, 2163170, 2163172, 2163174, 2163176, 2163177, 2163377, 2163378    
Bug Blocks: 2161476    

Description Sandipan Roy 2023-01-23 07:36:40 UTC 
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02
https://github.com/redis/redis/releases/tag/6.2.9
https://github.com/redis/redis/releases/tag/7.0.8
Comment 1 Sandipan Roy 2023-01-23 07:43:06 UTC 
Created pymodbus tracking bugs for this issue:

Affects: fedora-37 [bug 2163172]


Created redis tracking bugs for this issue:

Affects: fedora-36 [bug 2163170]
Affects: fedora-37 [bug 2163174]