Unrated severityNVD Advisory· Published Jan 20, 2023· Updated Mar 10, 2025
Integer overflow in multiple Redis commands can lead to denial-of-service
CVE-2023-22458
Description
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11- osv-coords9 versionspkg:bitnami/keydbpkg:bitnami/redispkg:bitnami/valkeypkg:rpm/almalinux/redispkg:rpm/almalinux/redis-develpkg:rpm/almalinux/redis-docpkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/redis&distro=openSUSE%20Tumbleweedpkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
>= 6.2.0, < 6.2.9+ 8 more
- (no CPE)range: >= 6.2.0, < 6.2.9
- (no CPE)range: >= 6.2.0, < 6.2.9
- (no CPE)range: >= 6.2.0, < 6.2.9
- (no CPE)range: < 6.2.17-1.module_el8.10.0+3946+3de613d5
- (no CPE)range: < 6.2.17-1.module_el8.10.0+3946+3de613d5
- (no CPE)range: < 6.2.17-1.module_el8.10.0+3946+3de613d5
- (no CPE)range: < 6.2.6-150400.3.11.1
- (no CPE)range: < 7.0.8-1.1
- (no CPE)range: < 6.2.6-150400.3.11.1
Patches
Vulnerability mechanics
References
4- github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02mitrex_refsource_MISC
- github.com/redis/redis/releases/tag/6.2.9mitrex_refsource_MISC
- github.com/redis/redis/releases/tag/7.0.8mitrex_refsource_MISC
- github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprjmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.