Unrated severityNVD Advisory· Published Jan 20, 2023· Updated Mar 10, 2025

Integer overflow in multiple Redis commands can lead to denial-of-service

CVE-2023-22458

Description

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products

Redis/Redisv5
Range: >= 6.2, < 6.2.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02mitrex_refsource_MISC
github.com/redis/redis/releases/tag/6.2.9mitrex_refsource_MISC
github.com/redis/redis/releases/tag/7.0.8mitrex_refsource_MISC
github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprjmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.041
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000