PT-2023-2028 · Redis+10 · Redis+10

Yupeng Yang

Publicado

2023-03-01

Atualizado

2025-10-21

CVE-2023-25155

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Redis versions prior to 6.0.18 Redis versions prior to 6.2.11 Redis versions prior to 7.0.9

Description The issue is related to an integer overflow that can be triggered by authenticated users issuing specially crafted commands, including SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD. This can result in a runtime assertion and termination of the Redis server process.

Recommendations For versions prior to 6.0.18, update to version 6.0.18 or later. For versions prior to 6.2.11, update to version 6.2.11 or later. For versions prior to 7.0.9, update to version 7.0.9 or later. As a temporary workaround, consider restricting access to the SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands until a patch is applied.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALSA-2025:0595

ALT-PU-2023-4982

ALT-PU-2023-5229

ALT-PU-2023-5230

ALT-PU-2023-5487

ALT-PU-2025-11673

ALT-PU-2025-13204

AZL-25354

BDU:2023-01740

BIT-KEYDB-2023-25155

BIT-REDIS-2023-25155

BIT-VALKEY-2023-25155

CESA-2025_0595

CVE-2023-25155

DLA-3885-1

GHSA-X2R7-J9VW-3W83

INFSA-2025_0595

MGASA-2023-0086

OESA-2025-1157

OPENSUSE-SU-2023_2925-1

OPENSUSE-SU-2024:12743-1

RHSA-2025:0595

RHSA-2025_0595

RLSA-2025:0595

ROSA-SA-2023-2174

SUSE-SU-2023:0693-1

SUSE-SU-2023:0694-1

SUSE-SU-2023:2122-1

SUSE-SU-2023:2925-1

SUSE-SU-2023_2925-1

USN-6531-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Redis

Rocky Linux

Suse

Ubuntu

PT-2023-2028 · Redis+10 · Redis+10

CVE-2023-25155

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 107