{"api_version":"1","generated_at":"2026-04-23T11:35:30+00:00","cve":"CVE-2023-22458","urls":{"html":"https://cve.report/CVE-2023-22458","api":"https://cve.report/api/cve/CVE-2023-22458.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-22458","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-22458"},"summary":{"title":"CVE-2023-22458","description":"Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-01-20 19:15:00","updated_at":"2023-02-02 14:23:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02","name":"https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02","refsource":"MISC","tags":[],"title":"Fix range issues in ZRANDMEMBER and HRANDFIELD (CVE-2023-22458) (#11674) · redis/redis@16f408b · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj","name":"https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj","refsource":"MISC","tags":[],"title":"Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service · Advisory · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/redis/redis/releases/tag/7.0.8","name":"https://github.com/redis/redis/releases/tag/7.0.8","refsource":"MISC","tags":[],"title":"Release 7.0.8 · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/redis/redis/releases/tag/6.2.9","name":"https://github.com/redis/redis/releases/tag/6.2.9","refsource":"MISC","tags":[],"title":"Release 6.2.9 · redis/redis · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-22458","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22458","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"22458","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redis","cpe5":"redis","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-22458","qid":"182305","title":"Debian Security Update for redis (CVE-2023-22458)"},{"cve":"CVE-2023-22458","qid":"283636","title":"Fedora Security Update for redis (FEDORA-2023-fbfe7a6cfe)"},{"cve":"CVE-2023-22458","qid":"283639","title":"Fedora Security Update for redis (FEDORA-2023-68ae37fca3)"},{"cve":"CVE-2023-22458","qid":"356171","title":"Amazon Linux Security Advisory for redis : ALASREDIS6-2023-001"},{"cve":"CVE-2023-22458","qid":"356510","title":"Amazon Linux Security Advisory for redis : ALAS2REDIS6-2023-001"},{"cve":"CVE-2023-22458","qid":"502644","title":"Alpine Linux Security Update for redis"},{"cve":"CVE-2023-22458","qid":"502645","title":"Alpine Linux Security Update for redis"},{"cve":"CVE-2023-22458","qid":"504360","title":"Alpine Linux Security Update for redis"},{"cve":"CVE-2023-22458","qid":"691029","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for redis (5fa68bd9-95d9-11ed-811a-080027f5fec9)"},{"cve":"CVE-2023-22458","qid":"753641","title":"SUSE Enterprise Linux Security Update for redis (SUSE-SU-2023:0295-1)"},{"cve":"CVE-2023-22458","qid":"905285","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13042)"},{"cve":"CVE-2023-22458","qid":"905290","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13053)"},{"cve":"CVE-2023-22458","qid":"905577","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13042-1)"},{"cve":"CVE-2023-22458","qid":"905608","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13053-1)"},{"cve":"CVE-2023-22458","qid":"906564","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13042-3)"},{"cve":"CVE-2023-22458","qid":"906632","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13053-3)"},{"cve":"CVE-2023-22458","qid":"906797","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for redis (13042-5)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-22458","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-190: Integer Overflow or Wraparound","cweId":"CWE-190"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"redis","product":{"product_data":[{"product_name":"redis","version":{"version_data":[{"version_value":">= 6.2, < 6.2.9","version_affected":"="},{"version_value":">= 7.0, < 7.0.8","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/redis/redis/releases/tag/6.2.9","refsource":"MISC","name":"https://github.com/redis/redis/releases/tag/6.2.9"},{"url":"https://github.com/redis/redis/releases/tag/7.0.8","refsource":"MISC","name":"https://github.com/redis/redis/releases/tag/7.0.8"},{"url":"https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj","refsource":"MISC","name":"https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj"},{"url":"https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02","refsource":"MISC","name":"https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02"}]},"source":{"advisory":"GHSA-r8w2-2m53-gprj","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2023-01-20 19:15:00","lastModifiedDate":"2023-02-02 14:23:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0","versionEndExcluding":"6.2.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}