2163132 – (CVE-2023-22458) CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service

Bug 2163132 (CVE-2023-22458) - CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service

Summary: CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBE...

Keywords:
Status:	NEW
Alias:	CVE-2023-22458
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2163168 2163170 2163172 2163174 2163176 2163177 2163377 2163378
Blocks:	2161476
TreeView+	depends on / blocked

Reported:	2023-01-23 07:36 UTC by Sandipan Roy
Modified:	2025-04-01 08:28 UTC (History)
CC List:	80 users (show)
Fixed In Version:	redis 6.2.9, redis 7.0.8
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2025:0698	0	None	None	None	2025-01-27 02:35:05 UTC
Red Hat Product Errata	RHSA-2025:0595	0	None	None	None	2025-01-22 10:35:45 UTC

Description Sandipan Roy 2023-01-23 07:36:40 UTC

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02
https://github.com/redis/redis/releases/tag/6.2.9
https://github.com/redis/redis/releases/tag/7.0.8

Comment 1 Sandipan Roy 2023-01-23 07:43:06 UTC

Created pymodbus tracking bugs for this issue:

Affects: fedora-37 [bug 2163172]


Created redis tracking bugs for this issue:

Affects: fedora-36 [bug 2163170]
Affects: fedora-37 [bug 2163174]

Comment 12 errata-xmlrpc 2025-01-22 10:35:40 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:0595 https://access.redhat.com/errata/RHSA-2025:0595

Note You need to log in before you can comment on or make changes to this bug.

aileenc
akostadi
alcohan
amackenz
amasferr
apevec
bbuckingham
bcoca
bcourt
bdettelb
brking
cbartlet
chazlett
cwelton
davidn
dmayorov
doconnor
eglynn
ehelms
epacific
ggainey
gmalinko
gparvin
haoli
hhorak
hkataria
janstey
jcammara
jhardy
jjoyce
jlledo
jmitchel
jneedle
jobarker
jorton
jschluet
jsherril
juwatts
jwon
kegrant
koliveir
kshier
lhh
lsvaty
lzap
mabashia
mburns
mgarciac
mhulan
mkudlej
mmakovy
nathans
njean
nmoumoul
orabin
owatkins
pahickey
pbraun
pcreech
pdelbell
pgrist
rchan
rcollet
redis-maint
relrod
rhaigner
rhos-maint
rstepani
shvarugh
simaishi
smallamp
smcdonal
spower
stcannon
teagle
tfister
thavo
tjochec
yguenane
zsadeh