Redis · Redis · CVE-2023-25155
**Name of the Vulnerable Software and Affected Versions**
Redis versions prior to 6.0.18
Redis versions prior to 6.2.11
Redis versions prior to 7.0.9
**Description**
The issue is an integer overflow in the handling of the optional `count` argument of the `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands. An authenticated user who sends a specially crafted command can trip a runtime assertion, which terminates the Redis server process (a denial of service). No privilege beyond the ability to execute these commands is required, so any client that can authenticate and reach them can crash the server. Note that `ZRANDMEMBER` and `HRANDFIELD` were only introduced in Redis 6.2, so on the 6.0 branch the reachable command is `SRANDMEMBER`.
**Recommendations**
For versions prior to 6.0.18, update to version 6.0.18 or later.
For versions prior to 6.2.11, update to version 6.2.11 or later.
For versions prior to 7.0.9, update to version 7.0.9 or later.
As a temporary workaround, use Redis ACLs (available in every affected branch, since ACLs were introduced in 6.0) to deny the `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands to every user that does not need them, for example `ACL SETUSER <user> -srandmember -zrandmember -hrandfield`. Remember that clients which authenticate with only a password run as the `default` user, so that user must be restricted as well, and persist the rules (`CONFIG REWRITE` or `ACL SAVE`, depending on whether users live in `redis.conf` or an ACL file) so they survive a restart. This only blocks the trigger for this bug; upgrade as soon as the patched release can be deployed.
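The following is an added shell example, not part of this advisory or of the Redis project: it classifies a server's reported version against the fixed releases listed above and emits the ACL workaround rule. The `INFO server` output is constructed for the example, and the application user name `appuser` is an assumption.

```shell
#!/bin/sh
# Added example, not Redis project code: classify a Redis version against the
# CVE-2023-25155 fix boundaries (6.0.18 / 6.2.11 / 7.0.9) and emit the ACL workaround.

# Encode MAJOR.MINOR.PATCH as a single integer so versions compare numerically.
# Missing fields count as 0; a non-numeric suffix on the patch field is dropped.
vernum() {
    IFS=. read -r maj min pat <<EOF
$1
EOF
    pat=${pat%%[!0-9]*}
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# Print "affected" or "fixed", following the advisory's three branches:
# everything below 6.0.18 is affected, as are 6.2.0-6.2.10 and 7.0.0-7.0.8;
# 6.0.18+, 6.2.11+ and 7.0.9+ (including later branches such as 7.2) carry the fix.
cve_2023_25155_status() {
    v=$(vernum "$1")
    if   [ "$v" -lt "$(vernum 6.0.18)" ]; then echo affected
    elif [ "$v" -lt "$(vernum 6.2.0)"  ]; then echo fixed
    elif [ "$v" -lt "$(vernum 6.2.11)" ]; then echo affected
    elif [ "$v" -lt "$(vernum 7.0.0)"  ]; then echo fixed
    elif [ "$v" -lt "$(vernum 7.0.9)"  ]; then echo affected
    else echo fixed
    fi
}

# Extract redis_version from `INFO server` output; Redis ends INFO lines with CRLF.
redis_version_from_info() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^redis_version://p'
}

# Workaround from the advisory: one ACL rule denying the three commands to a user.
# "-<command>" is Redis 6+ ACL syntax; the user name is whatever the caller passes.
acl_workaround_rule() {
    printf 'ACL SETUSER %s -srandmember -zrandmember -hrandfield\n' "$1"
}

# Constructed sample of `redis-cli INFO server` output (not captured from a real host).
SAMPLE_INFO='# Server
redis_version:6.2.10
redis_mode:standalone'

ver=$(redis_version_from_info "$SAMPLE_INFO")
echo "redis $ver: $(cve_2023_25155_status "$ver")"
# If affected, restrict the application user (assumed name: appuser) and also
# "default", the user clients get when they AUTH with only a password.
if [ "$(cve_2023_25155_status "$ver")" = affected ]; then
    acl_workaround_rule appuser
    acl_workaround_rule default
fi
```

In practice the `INFO server` text comes from `redis-cli -h <host> INFO server`, and the printed `ACL SETUSER` lines are fed back to `redis-cli` (followed by `ACL SAVE` or `CONFIG REWRITE`) on each host the check reports as affected.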