PT-2023-7359 · Redis 7

Type · Published 2023-01-16 · Updated 2025-10-21 · CVE-2023-22458

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Redis versions 6.2 through 6.2.8
Redis versions 7.0 through 7.0.7
Description
Redis is an in-memory data store. The HRANDFIELD and ZRANDMEMBER commands take an optional count argument, and an integer overflow in the handling of that argument lets an authenticated user crash the server: a specially crafted count value makes Redis hit an internal assertion failure, which aborts the process and causes a denial of service. Confidentiality and integrity are not affected (C:N/I:N in the vector above), but a single command from any client that can authenticate takes the whole instance down, together with every dataset it serves.
Recommendations
For Redis versions 6.2 through 6.2.8, upgrade to version 6.2.9 or newer. For Redis versions 7.0 through 7.0.7, upgrade to version 7.0.8 or newer. Until the upgrade is applied, restrict which users may run HRANDFIELD and ZRANDMEMBER: the affected versions support Redis ACLs, which can remove individual commands from a user (rules of the form -hrandfield -zrandmember), so only the clients that actually need random sampling should keep them. Treat "authenticated" as a weak barrier: if the default user has no password, every connection that reaches the port is effectively authenticated. A running instance can be checked against the affected ranges with INFO server (the redis_version field).
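The description and the fix above come down to one arithmetic hazard: a negative count is negated to get the number of elements to return, and the most negative long has no positive counterpart. The following C program is an added illustrative model written for this page, not Redis source code; the function names, the struct and the simplified "reply length must be non-negative" check are assumptions that mirror the crash path only in spirit. It parses a count argument the vulnerable way (negate first) and the fixed way (bound to [-LONG_MAX, LONG_MAX] before negating) and shows why the crafted value would trip a signed-length assertion in the former but is rejected with an error in the latter.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome of parsing the count argument of a HRANDFIELD/ZRANDMEMBER-style
 * command. A negative count means "repeated elements allowed", so the server
 * must negate it to obtain the number of elements to return. */
typedef struct {
    bool ok;             /* false: the command should answer with an error reply */
    unsigned long count; /* how many elements to return */
    bool uniq;           /* true: distinct elements; false: repeats allowed */
} count_result;

/* Strict decimal parser: the whole string must be consumed, no overflow. */
static bool parse_long(const char *s, long *out) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0') return false;
    *out = v;
    return true;
}

/* Vulnerable model (hypothetical, not Redis source): the parsed value is
 * negated without first checking that it has a representable magnitude.
 * LONG_MIN has none, so -LONG_MIN overflows. */
count_result parse_count_vulnerable(const char *arg) {
    count_result r = { .ok = false, .count = 0, .uniq = true };
    long l;
    if (!parse_long(arg, &l)) return r;
    r.ok = true;
    if (l >= 0) {
        r.count = (unsigned long)l;
    } else {
        /* -l is undefined behaviour in C when l == LONG_MIN. The unsigned
         * subtraction below is well defined and yields the bit pattern a
         * two's-complement machine produces, so the wrap stays observable
         * without this example itself invoking UB. */
        r.count = 0UL - (unsigned long)l;
        r.uniq = false;
    }
    return r;
}

/* Fixed model: bound the value to [-LONG_MAX, LONG_MAX] before negating, so
 * every accepted negative count has a representable positive magnitude. */
count_result parse_count_fixed(const char *arg) {
    count_result r = { .ok = false, .count = 0, .uniq = true };
    long l;
    if (!parse_long(arg, &l)) return r;
    if (l < -LONG_MAX) return r;          /* rejects LONG_MIN: value out of range */
    r.ok = true;
    if (l >= 0) {
        r.count = (unsigned long)l;
    } else {
        r.count = (unsigned long)(-l);    /* safe now: -l <= LONG_MAX */
        r.uniq = false;
    }
    return r;
}

/* Models a server-side sanity check on reply lengths (assumption: simplified,
 * not the real Redis assertion): the reply-array length is a signed long, so
 * a count above LONG_MAX is seen as a negative length and the assertion
 * aborts the process. Returns true when that would happen. */
bool reply_len_assert_would_fail(unsigned long count) {
    return count > (unsigned long)LONG_MAX;
}

/* Decimal string for LONG_MIN on this platform, i.e. the crafted count. */
const char *long_min_arg(void) {
    static char buf[32];
    snprintf(buf, sizeof buf, "%ld", LONG_MIN);
    return buf;
}

int main(void) {
    /* Constructed sample arguments: normal, negative, crafted, malformed. */
    const char *args[] = { "5", "-5", long_min_arg(), "abc" };
    for (size_t i = 0; i < sizeof args / sizeof args[0]; i++) {
        count_result v = parse_count_vulnerable(args[i]);
        count_result f = parse_count_fixed(args[i]);
        printf("arg=%-21s vulnerable: ok=%d count=%lu assert_fails=%d | fixed: ok=%d count=%lu\n",
               args[i], v.ok, v.count, v.ok && reply_len_assert_would_fail(v.count),
               f.ok, f.count);
    }
    return 0;
}
```

The design point is that the range check has to happen before the negation, not after: once `-l` has wrapped, the result is a large positive unsigned value that looks like an ordinary count to every later check except the signed-length assertion that finally aborts the process. Rejecting the one value whose magnitude cannot be represented turns a crash into an error reply.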

Exploit

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:0595
ALT-PU-2023-4982
ALT-PU-2023-5229
ALT-PU-2023-5230
ALT-PU-2023-5487
ALT-PU-2025-11673
ALT-PU-2025-13204
AZL-13053
BDU:2023-08390
BIT-KEYDB-2023-22458
BIT-REDIS-2023-22458
BIT-VALKEY-2023-22458
CESA-2025_0595
CVE-2023-22458
GHSA-R8W2-2M53-GPRJ
INFSA-2025_0595
OPENSUSE-SU-2023_0295-1
OPENSUSE-SU-2024:12619-1
RHSA-2025:0595
RHSA-2025_0595
RLSA-2025:0595
ROSA-SA-2023-2174
SUSE-SU-2023:0295-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
Redis
Rocky Linux
SUSE