Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-20T18:19:24.166Z

Updated: 2024-08-02T10:13:48.522Z

Reserved: 2022-12-29T03:00:40.878Z

Link: CVE-2023-22458

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-20T19:15:17.917

Modified: 2024-11-21T07:44:50.810

Link: CVE-2023-22458

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-01-17T00:00:00Z

Links: CVE-2023-22458 - Bugzilla