BIT-redis-2023-22458

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/redis/BIT-redis-2023-22458.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-redis-2023-22458

Aliases

Published

2024-03-06T11:04:43.276Z

Modified

2024-08-23T07:13:09.314401Z

Summary

[none]

Details

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / redis

Package

Name: redis
Purl: pkg:bitnami/redis

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

6.2.0

Fixed

6.2.9

Introduced

7.0.0

Fixed

7.0.8