CVE-2023-22458

Name	CVE-2023-22458
Description	Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	1029363

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
redis (PTS)	jessie, jessie (lts)	2:2.8.17-1+deb8u12	fixed
	stretch (security)	3:3.2.6-3+deb9u9	fixed
	stretch (lts), stretch	3:3.2.6-3+deb9u12	fixed
	buster (security), buster, buster (lts)	5:5.0.14-1+deb10u5	fixed
	bullseye	5:6.0.16-1+deb11u2	fixed
	bullseye (security)	5:6.0.16-1+deb11u3	fixed
	bookworm (security), bookworm	5:7.0.15-1~deb12u1	fixed
	sid, trixie	5:7.0.15-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
redis	source	jessie	(not affected)
redis	source	stretch	(not affected)
redis	source	buster	(not affected)
redis	source	bullseye	(not affected)
redis	source	(unstable)	5:7.0.8-1	1029363

Notes

[bullseye] - redis <not-affected> (Vulnerable code introduced later)
[buster] - redis <not-affected> (Vulnerable code introduced later)
https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
Introduced after: https://github.com/redis/redis/commit/b9a0500f16d0cd016398133cc7ac256ad927b679 (6.2-rc3)
Fixed by: https://github.com/redis/redis/commit/3f1f02034ce674cad8268f958cf8c39944b240c6 (7.0.8)
[stretch] - redis <not-affected> (Vulnerable code introduced later)
[jessie] - redis <not-affected> (Vulnerable code introduced later)