Vulnerability Description
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redis | Redis | < 6.0.18 |
Related Weaknesses (CWE)
References
- https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619Patch
- https://github.com/redis/redis/releases/tag/6.0.18Release Notes
- https://github.com/redis/redis/releases/tag/6.2.11Release Notes
- https://github.com/redis/redis/releases/tag/7.0.9Release Notes
- https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83Vendor Advisory
- https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619Patch
- https://github.com/redis/redis/releases/tag/6.0.18Release Notes
- https://github.com/redis/redis/releases/tag/6.2.11Release Notes
- https://github.com/redis/redis/releases/tag/7.0.9Release Notes
- https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83Vendor Advisory
FAQ
What is CVE-2023-25155?
CVE-2023-25155 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting i...
How severe is CVE-2023-25155?
CVE-2023-25155 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25155?
Check the references section above for vendor advisories and patch information. Affected products include: Redis Redis.