Redis is vulnerable to Denial of Service (DoS) attacks. Using specially crafted commands such as SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD, authenticated users can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
CPE | Name | Operator | Version |
---|---|---|---|
redis:sid | eq | 5:6.0.9-1 | |
redis:sid | eq | 5:6.0.15-1 | |
github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619
github.com/redis/redis/releases/tag/6.0.18
github.com/redis/redis/releases/tag/6.2.11
github.com/redis/redis/releases/tag/7.0.9
github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
security-tracker.debian.org/tracker/CVE-2023-25155