CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 48.2%

Redis is vulnerable to Denial of Service (DoS) attacks. Authenticated users can trigger an integer overflow with specially crafted commands such as SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD, resulting in a runtime assertion and termination of the Redis server process.

CPE

Name | Operator | Version |
---|---|---|
redis:sid | eq | 5:6.0.9-1 |
redis:sid | eq | 5:6.0.15-1 |

github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619
github.com/redis/redis/releases/tag/6.0.18
github.com/redis/redis/releases/tag/6.2.11
github.com/redis/redis/releases/tag/7.0.9
github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83
security-tracker.debian.org/tracker/CVE-2023-25155