CVE-2023-25155
MEDIUM severity · CVSS 5.5 · Integer overflow
5.5CVSS MEDIUM
Summary
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)5%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 ↗
Additional information
- NVD record
- https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619Patch
- https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619Patch
- https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83Advisory
- https://github.com/redis/redis/releases/tag/6.0.18
- https://github.com/redis/redis/releases/tag/6.2.11
- https://github.com/redis/redis/releases/tag/7.0.9
- https://github.com/redis/redis/releases/tag/6.0.18
- https://github.com/redis/redis/releases/tag/6.2.11