Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-22458

Опубликовано: 20 янв. 2023
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS3: 5.5

Описание

Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

5:7.0.8-4
esm-apps/bionic

not-affected

code not present
esm-apps/focal

not-affected

code not present
esm-apps/jammy

not-affected

code not present
esm-apps/noble

not-affected

5:7.0.8-4
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
focal

not-affected

code not present
jammy

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%
0.667
Средний

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-22458

CVSS3: 5.5
redhat
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2023-22458

CVSS3: 5.5
nvd
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

msrc логотип

CVE-2023-22458

CVSS3: 5.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-22458

CVSS3: 5.5
debian
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated us ...

fstec логотип

BDU:2023-08390

CVSS3: 5.5
fstec
больше 2 лет назад

Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 98%
0.667
Средний

5.5 Medium

CVSS3