Integer Overflow in several Redis commands can lead to denial of service.
CVE-2023-25155
5.5MEDIUM
What is CVE-2023-25155?
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER
, ZRANDMEMBER
, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
Affected Version(s)
redis < 6.0.18 < 6.0.18
redis >= 7.0.0, < 7.0.9 < 7.0.0, 7.0.9
redis >= 6.2.0, < 6.2.11 < 6.2.0, 6.2.11