
=====================================================================

                               CERT-Renater

                   Note d'Information No. 2023/VULN014

_____________________________________________________________________

DATE                : 24/01/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Redis versions prior to 6.2.9,
                     7.0.8.

=====================================================================
https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j
_____________________________________________________________________


Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands
may lead to denial-of-service
Severity: Moderate. Published by yossigo as GHSA-r8w2-2m53-gprj.

Package
Redis

Affected versions
6.2 or newer

Patched versions
6.2.9, 7.0.8


Description

Impact
Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with
specially crafted arguments to trigger a denial-of-service by crashing
Redis with an assertion.

This problem affects Redis 6.2 or newer.


Patches
The problem is fixed in Redis versions 6.2.9 and 7.0.8.


Credit
This issue has been identified and reported by yype on GitHub.

For more information
If you have any questions or comments about this advisory:

Open an issue in the Redis repository
Email us at redis@redis.io

Severity
Moderate

5.5 / 10

CVSS base metrics

Attack vector
Local

Attack complexity
Low

Privileges required
Low

User interaction
None

Scope
Unchanged

Confidentiality
None

Integrity
None

Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE ID
CVE-2023-22458

Weaknesses
CWE-190

_____________________________________________________________________

Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may
result with false OOM panic
Severity: Moderate. Published by yossigo as GHSA-mrcw-fhw9-fj8j.

Package
Redis (N/A)

Affected versions
All versions

Patched versions
7.0.8, 6.2.9, 6.0.17


Description

Impact
Authenticated users issuing specially crafted SETRANGE and SORT(_RO)
commands can trigger an integer overflow, resulting in Redis
attempting to allocate impossible amounts of memory and aborting with
an OOM panic.


Patches
The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17.


Credit
The issue has been identified by Xion (SeungHyun Lee) of KAIST GoN.

For more information
If you have any questions or comments about this advisory:

Open an issue in the Redis repository
Email us at redis@redis.io


Severity
Moderate

5.5 / 10

CVSS base metrics

Attack vector
Local

Attack complexity
Low

Privileges required
Low

User interaction
None

Scope
Unchanged

Confidentiality
None

Integrity
None

Availability
High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE ID
CVE-2022-35977

Weaknesses
CWE-190
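Both advisories above reduce, for a defender, to one question per server:
is the running Redis release older than the patched release of its branch?
The following script is an added example written for this bulletin; it is
not Redis project code and not part of the original advisories. It parses
the "redis_version:" line of `INFO server` output (the sample text is
constructed, not captured from a real host) and checks it against the
affected and patched versions stated above for CVE-2023-22458 and
CVE-2022-35977. One assumption not made by the advisories: a release
branch newer than the newest patched branch listed (e.g. 7.2.x) is treated
as shipping with the fix.

```python
import re

# Affected and patched releases per advisory and per Redis release branch,
# taken from the two GHSA entries in this bulletin.
ADVISORIES = {
    "CVE-2023-22458": {  # GHSA-r8w2-2m53-gprj, HRANDFIELD / ZRANDMEMBER
        "affected_from": (6, 2, 0),  # "6.2 or newer"
        "fixed": {(6, 2): (6, 2, 9), (7, 0): (7, 0, 8)},
    },
    "CVE-2022-35977": {  # GHSA-mrcw-fhw9-fj8j, SETRANGE / SORT / SORT_RO
        "affected_from": (0, 0, 0),  # "All versions"
        "fixed": {(6, 0): (6, 0, 17), (6, 2): (6, 2, 9), (7, 0): (7, 0, 8)},
    },
}

# Constructed sample of the first lines of `redis-cli INFO server` output.
SAMPLE_INFO = """# Server
redis_version:7.0.5
redis_git_sha1:00000000
redis_mode:standalone
"""


def parse_version(text):
    """Turn '7.0.5' into the comparable tuple (7, 0, 5)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Redis version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_from_info(info_text):
    """Extract the server version from INFO output (the 'redis_version:' line)."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return parse_version(line.split(":", 1)[1])
    raise ValueError("INFO output has no redis_version line")


def fmt(v):
    return ".".join(str(x) for x in v)


def assess(version):
    """Return {cve: (status, recommended_version_or_None)} for one server.

    Statuses: 'not_affected', 'patched', 'vulnerable'.
    Assumption (not stated in the advisories): a branch newer than the newest
    patched branch listed shipped after the fix and is treated as patched.
    """
    report = {}
    for cve, adv in ADVISORIES.items():
        if version < adv["affected_from"]:
            report[cve] = ("not_affected", None)
            continue
        branch = version[:2]
        fixed = adv["fixed"]
        if branch in fixed:
            if version >= fixed[branch]:
                report[cve] = ("patched", None)
            else:
                report[cve] = ("vulnerable", fmt(fixed[branch]))
        elif branch > max(fixed):
            report[cve] = ("patched", None)
        else:
            # Affected branch with no patched release listed (e.g. 5.0.x for
            # CVE-2022-35977): the remedy is the nearest newer patched branch.
            target = min(f for b, f in fixed.items() if b > branch)
            report[cve] = ("vulnerable", fmt(target))
    return report


if __name__ == "__main__":
    v = version_from_info(SAMPLE_INFO)
    for cve, (status, target) in assess(v).items():
        extra = f", upgrade to {target}" if target else ""
        print(f"Redis {fmt(v)}: {cve} -> {status}{extra}")
```

Feed it the real output of `redis-cli INFO server` from each host (for
example piped through a small wrapper around `version_from_info`) to get a
per-CVE verdict and the exact release to upgrade to on that branch.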

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


