Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-02T03:01:36.879Z

Updated: 2024-08-02T11:18:36.023Z

Reserved: 2023-02-03T16:59:18.242Z

Link: CVE-2023-25155

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-02T04:15:10.807

Modified: 2024-11-21T07:49:12.907

Link: CVE-2023-25155

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-02-28T00:00:00Z

Links: CVE-2023-25155 - Bugzilla