Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-22458

Опубликовано: 17 янв. 2023
Источник: redhat
CVSS3: 5.5

Описание

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue an HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial of service by crashing Redis with an assertion failure.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-backend-containerNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Not affected
Red Hat Ansible Automation Platform 1.2ansible-towerNot affected
Red Hat Enterprise Linux 8redisWill not fix
Red Hat Enterprise Linux 9redisWill not fix
Red Hat Fuse 7redisNot affected
Red Hat OpenStack Platform 13 (Queens)redisOut of support scope
Red Hat Quay 3quay/quay-rhel8Will not fix
Red Hat Satellite 6satellite:el8/rubygem-gitlab-sidekiq-fetcherNot affected
Red Hat Satellite 6tfm-rubygem-gitlab-sidekiq-fetcherNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2163132redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-22458

CVSS3: 5.5
ubuntu
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2023-22458

CVSS3: 5.5
nvd
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

msrc логотип

CVE-2023-22458

CVSS3: 5.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-22458

CVSS3: 5.5
debian
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated us ...

fstec логотип

BDU:2023-08390

CVSS3: 5.5
fstec
больше 2 лет назад

Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

5.5 Medium

CVSS3