Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25155.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-190"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "6.0.18"
},
{
"introduced": "6.2.0"
},
{
"fixed": "6.2.11"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.9"
}
]
}"2026-07-09T10:58:26Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25155.json"
[
{
"id": "CVE-2023-25155-26059714",
"digest": {
"line_hashes": [
"233397633113387263380333128132493005614",
"297249636475232444414720420697069909144",
"192491262720804256800156683653322957348",
"323981827400773233856008093971754547535"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619",
"deprecated": false,
"target": {
"file": "src/t_set.c"
}
},
{
"id": "CVE-2023-25155-3f9c6255",
"digest": {
"line_hashes": [
"316126382291076316363364104166368538536",
"291275220492342436605783440481230441017",
"215827571423989882791383329131923305456",
"45019657333175470622628141124169215478",
"161657606240419017322417502645836237751",
"12388704427142053491530467581990851869",
"98041861875930914103094945466487986293",
"267110106297186428566960840541767800365",
"186484567910916600164299437196400975439",
"101077035933776520270488514198679523039"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619",
"deprecated": false,
"target": {
"file": "src/t_hash.c"
}
},
{
"id": "CVE-2023-25155-57a31ff9",
"digest": {
"function_hash": "155854359301080020941959156626392479104",
"length": 793.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619",
"deprecated": false,
"target": {
"function": "hrandfieldCommand",
"file": "src/t_hash.c"
}
},
{
"id": "CVE-2023-25155-6cda6b08",
"digest": {
"function_hash": "35218585095598715204578737963059707435",
"length": 2349.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619",
"deprecated": false,
"target": {
"function": "srandmemberWithCountCommand",
"file": "src/t_set.c"
}
},
{
"id": "CVE-2023-25155-83f71d91",
"digest": {
"function_hash": "133415332476425170607265729583892341887",
"length": 793.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619",
"deprecated": false,
"target": {
"function": "zrandmemberCommand",
"file": "src/t_zset.c"
}
},
{
"id": "CVE-2023-25155-cee70947",
"digest": {
"line_hashes": [
"300254959242599039318553219372450530928",
"43072399325027084151847405101383032079",
"37475477714640871587546313729654702685",
"248267414078615091634004363466135950237",
"248368228664088141513127100331604997369",
"6843961658032542631905095034814808129",
"10827992534299731909193345925841420791",
"138212684921325006977100680107387253680",
"77000074221355265286543162429196505110",
"101077035933776520270488514198679523039"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619",
"deprecated": false,
"target": {
"file": "src/t_zset.c"
}
}
]