{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25155", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-03T16:59:18.242Z", "datePublished": "2023-03-02T03:01:36.879Z", "dateUpdated": "2024-08-02T11:18:36.023Z"}, "containers": {"cna": {"title": "Integer Overflow in several Redis commands can lead to denial of service.", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"}, {"name": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619"}, {"name": "https://github.com/redis/redis/releases/tag/6.0.18", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/6.0.18"}, {"name": "https://github.com/redis/redis/releases/tag/6.2.11", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/6.2.11"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.9", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.0.9"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": "< 6.0.18", "status": "affected"}, {"version": ">= 7.0.0, < 7.0.9", "status": "affected"}, {"version": ">= 6.2.0, < 6.2.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-02T03:01:36.879Z"}, "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9."}], "source": {"advisory": "GHSA-x2r7-j9vw-3w83", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:36.023Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"}, {"name": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619"}, {"name": "https://github.com/redis/redis/releases/tag/6.0.18", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/6.0.18"}, {"name": "https://github.com/redis/redis/releases/tag/6.2.11", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/6.2.11"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/7.0.9"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F70AB47-0452-4438-87FC-6CBD440815EF", "versionEndExcluding": "6.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "F953DA13-66E1-4983-9744-F861931E8628", "versionEndExcluding": "6.2.11", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB0A4E48-9EF2-4F32-B72C-7F243EC31DB2", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9."}], "id": "CVE-2023-25155", "lastModified": "2024-11-21T07:49:12.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-02T04:15:10.807", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/6.0.18"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/6.2.11"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.9"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/6.0.18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/6.2.11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0595", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "redis:6-8100020250113083959.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-22T00:00:00Z"}], "bugzilla": {"description": "redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack", "id": "2174306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174306"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9.", "A vulnerability was found in Redis. This flaw allows authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands to trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process."], "name": "CVE-2023-25155", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "redis", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2023-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-25155\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25155\nhttps://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619\nhttps://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83"], "threat_severity": "Moderate"}