Mageia 8: 2023-0086 Critical Denial of Service and Overflow Fix
mageia
March 11, 2023
Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process
Summary
Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can
trigger an integer overflow, resulting in a runtime assertion and
termination of the Redis server process. (CVE-2023-25155)
String matching commands (like SCAN or KEYS) with a specially crafted
pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time. (CVE-2022-36021)
References
- https://bugs.mageia.org/show_bug.cgi?id=31616
- https://github.com/redis/redis/releases/tag/6.0.18
- https://www.cve.org/CVERecord?id=CVE-2023-25155
- https://www.cve.org/CVERecord?id=CVE-2022-36021
Topics Covered
Resolution
SRPMS
- 8/core/redis-6.0.18-1.mga8
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 11 Mar 2023
URL: https://advisories.mageia.org/MGASA-2023-0086.html
Type: security
CVE: CVE-2023-25155, CVE-2022-36021
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!