CVE-2023-25155 - OpenCVE

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Redis	Redis

Configuration 1 [-]

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::

References

Link	Resource
https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619	Patch
https://github.com/redis/redis/releases/tag/6.0.18	Release Notes
https://github.com/redis/redis/releases/tag/6.2.11	Release Notes
https://github.com/redis/redis/releases/tag/7.0.9	Release Notes
https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-02T03:01:36.879Z

Updated: 2023-03-02T03:01:36.879Z

Reserved: 2023-02-03T16:59:18.242Z

Link: CVE-2023-25155

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-03-02T04:15:10.807

Modified: 2023-03-10T05:02:32.413

Link: CVE-2023-25155

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-25155", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-03T16:59:18.242Z", "datePublished": "2023-03-02T03:01:36.879Z", "dateUpdated": "2023-03-02T03:01:36.879Z"}, "containers": {"cna": {"title": "Integer Overflow in several Redis commands can lead to denial of service.", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"}, {"name": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619"}, {"name": "https://github.com/redis/redis/releases/tag/6.0.18", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/6.0.18"}, {"name": "https://github.com/redis/redis/releases/tag/6.2.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/6.2.11"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.0.9"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": "< 6.0.18", "status": "affected"}, {"version": ">= 7.0.0, < 7.0.9", "status": "affected"}, {"version": ">= 6.2.0, < 6.2.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-02T03:01:36.879Z"}, "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9."}], "source": {"advisory": "GHSA-x2r7-j9vw-3w83", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F70AB47-0452-4438-87FC-6CBD440815EF", "versionEndExcluding": "6.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "F953DA13-66E1-4983-9744-F861931E8628", "versionEndExcluding": "6.2.11", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB0A4E48-9EF2-4F32-B72C-7F243EC31DB2", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9."}], "id": "CVE-2023-25155", "lastModified": "2023-03-10T05:02:32.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-03-02T04:15:10.807", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/6.0.18"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/6.2.11"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.9"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Secondary"}]}