Integer Overflow or Wraparound Affecting redis package, versions <6.2.9-r0
- Snyk ID SNYK-ALPINE314-REDIS-3243489
- published 20 Jan 2023
- disclosed 20 Jan 2023
Introduced: 20 Jan 2023
CVE-2023-22458
How to fix?
Upgrade Alpine:3.14 redis to version 6.2.9-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream redis package and not the redis package as distributed by Alpine. See How to fix? for Alpine:3.14 relevant fixed versions and status.
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
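A version check built from the ranges stated above, added here as an example and not part of the original advisory or of Redis or Alpine tooling. The function names and the sample INFO text are constructed for illustration; it assumes the version is read from the `redis_version` field of the `INFO server` reply or from the installed Alpine package version string.

```python
import re

# Upstream ranges from the NVD description: [6.2, 6.2.9) and [7.0, 7.0.8).
UPSTREAM_AFFECTED = [((6, 2, 0), (6, 2, 9)), ((7, 0, 0), (7, 0, 8))]
# Alpine 3.14 fix from "How to fix?": package versions below 6.2.9-r0 are affected.
ALPINE314_FIXED = ((6, 2, 9), 0)


def parse_upstream(version):
    """'6.2.7' -> (6, 2, 7); missing components are treated as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def upstream_affected(version):
    """True if an upstream Redis version falls in either affected range."""
    v = parse_upstream(version)
    return any(lo <= v < hi for lo, hi in UPSTREAM_AFFECTED)


def alpine314_affected(pkg_version):
    """Alpine package versions look like '6.2.8-r0' (upstream version, then release)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)-r(\d+)", pkg_version.strip())
    if not m:
        raise ValueError(f"unrecognised Alpine version: {pkg_version!r}")
    return (parse_upstream(m.group(1)), int(m.group(2))) < ALPINE314_FIXED


def version_from_info(info_text):
    """Extract redis_version from the reply to the Redis INFO server command."""
    m = re.search(r"^redis_version:(\S+)", info_text, re.MULTILINE)
    return m.group(1) if m else None


# Constructed sample input, not captured from a real host.
SAMPLE_INFO = "# Server\r\nredis_version:6.2.7\r\nredis_mode:standalone\r\n"

if __name__ == "__main__":
    v = version_from_info(SAMPLE_INFO)
    print(v, "affected" if upstream_affected(v) else "not affected")
    for pkg in ("6.2.8-r0", "6.2.9-r0"):
        print(pkg, "affected" if alpine314_affected(pkg) else "fixed")
```

The two checks are kept separate because, as the note above says, the upstream ranges do not describe the Alpine package, whose fix is tracked by its own `-rN` release number.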