CVE-2023-25155

Published: 28 Feb 2023
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

A vulnerability was found in Redis. This flaw allows authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands to trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.

Affected packages

Platform                                   | Package          | Status               | Advisory       | Release
-------------------------------------------|------------------|----------------------|----------------|-----------
Red Hat Enterprise Linux 9                 | redis            | Will not fix         |                |
Red Hat OpenStack Platform 13 (Queens)     | redis            | Out of support scope |                |
Red Hat Software Collections               | rh-redis6-redis  | Will not fix         |                |
Red Hat Enterprise Linux 8                 | redis            | Fixed                | RHSA-2025:0595 | 22.01.2025

Additional information

Status: Moderate
Defect: CWE-190
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=2174306
redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack

EPSS: 0.02909 (Low), percentile 86%

CVSS3: 6.5 (Medium)

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 3 years ago

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

CVSS3: 5.5
nvd
almost 3 years ago

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

CVSS3: 6.5
msrc
almost 3 years ago

Integer Overflow in several Redis commands can lead to denial of service.

CVSS3: 5.5
debian
almost 3 years ago

Redis is an in-memory database that persists on disk. Authenticated us ...

CVSS3: 6.5
fstec
almost 3 years ago

A vulnerability in the Redis database management system caused by an integer overflow of a memory buffer, allowing an attacker to cause a denial of service
