2163132 – (CVE-2023-22458) CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service

Bug 2163132 (CVE-2023-22458) - CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service

Summary: CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBE...

Keywords:
Status:	NEW
Alias:	CVE-2023-22458
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2163168 2163170 2163172 2163174 2163176 2163177 2163377 2163378
Blocks:	2161476
TreeView+	depends on / blocked

Reported:	2023-01-23 07:36 UTC by Sandipan Roy
Modified:	2023-07-21 22:26 UTC (History)
CC List:	54 users (show)
Fixed In Version:	redis 6.2.9, redis 7.0.8
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue an `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial of service by crashing Redis with an assertion failure.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Sandipan Roy 2023-01-23 07:36:40 UTC

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02
https://github.com/redis/redis/releases/tag/6.2.9
https://github.com/redis/redis/releases/tag/7.0.8

Comment 1 Sandipan Roy 2023-01-23 07:43:06 UTC

Created pymodbus tracking bugs for this issue:

Affects: fedora-37 [bug 2163172]


Created redis tracking bugs for this issue:

Affects: fedora-36 [bug 2163170]
Affects: fedora-37 [bug 2163174]

Note You need to log in before you can comment on or make changes to this bug.

aileenc
amackenz
amasferr
apevec
bbuckingham
bcoca
bcourt
bdettelb
chazlett
cwelton
davidn
eglynn
ehelms
epacific
gmalinko
gparvin
hhorak
janstey
jcammara
jhardy
jjoyce
jneedle
jobarker
jorton
jsherril
jwon
lhh
lzap
mabashia
mburns
mgarciac
mhulan
mkudlej
nathans
njean
nmoumoul
orabin
osapryki
owatkins
pahickey
pcreech
pdelbell
rchan
rcollet
redis-maint
rhos-maint
simaishi
smcdonal
spower
stcannon
teagle
tjochec
yguenane
zsadeh