CVE-2023-22458 Information

Description

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Reference

https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8