VYPR
Unrated severityNVD Advisory· Published Mar 2, 2023· Updated Mar 7, 2025

Integer Overflow in several Redis commands can lead to denial of service.

CVE-2023-25155

Description

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

27

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.