Source: redis
Version: 5:7.0.7-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for redis.

CVE-2023-22458[0]:
| Redis is an in-memory database that persists on disk. Authenticated
| users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially
| crafted arguments to trigger a denial-of-service by crashing Redis
| with an assertion failure. This problem affects Redis versions 6.2 or
| newer up to but not including 6.2.9 as well as versions 7.0 up to but
| not including 7.0.8. Users are advised to upgrade. There are no known
| workarounds for this vulnerability.

If you fix the vulnerability, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-22458
    https://www.cve.org/CVERecord?id=CVE-2023-22458
[1] https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj
[2] https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
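As an added check that is not part of this bug report or of the redis project: the script below decides whether a Redis build falls inside the affected ranges stated in the CVE text above (6.2.0 up to but not including 6.2.9, and 7.0.0 up to but not including 7.0.8). It accepts either a Debian package version such as the `5:7.0.7-1` in this report (epoch and Debian revision are stripped) or the `redis_version` line from `INFO server` on a running instance. The `INFO server` excerpt embedded below is constructed sample text, and the `AFFECTED_RANGES` table is transcribed from the advisory wording, not taken from any redis source.

```python
import re

# Affected half-open ranges [lo, hi) transcribed from the CVE-2023-22458 text:
# 6.2 up to but not including 6.2.9, and 7.0 up to but not including 7.0.8.
AFFECTED_RANGES = (
    ((6, 2, 0), (6, 2, 9)),
    ((7, 0, 0), (7, 0, 8)),
)

# Constructed sample of `redis-cli INFO server` output (not captured from a real host).
SAMPLE_INFO_SERVER = (
    "# Server\r\n"
    "redis_version:7.0.7\r\n"
    "redis_git_sha1:00000000\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 6.1.0 x86_64\r\n"
)


def upstream_version(version: str) -> str:
    """Strip a Debian epoch ('5:') and Debian revision ('-1') from a package version.

    '5:7.0.7-1' -> '7.0.7'; a plain upstream version is returned unchanged.
    """
    v = version
    if ":" in v:
        v = v.split(":", 1)[1]
    if "-" in v:
        v = v.rsplit("-", 1)[0]
    return v


def parse_version(version: str) -> tuple:
    """Parse 'X.Y.Z' into a comparable integer tuple.

    Only three-component release versions are accepted; pre-release strings
    (e.g. '7.0.0-rc1') are rejected rather than silently misclassified.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Redis version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the given Debian or upstream version is inside an affected range."""
    v = parse_version(upstream_version(version))
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def redis_version_from_info(info_text: str) -> str:
    """Extract redis_version from INFO server output (CRLF-separated key:value lines)."""
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("redis_version not found in INFO output")


def check_running_instance(info_text: str) -> dict:
    """Summarise the check for one instance from its INFO server text."""
    ver = redis_version_from_info(info_text)
    return {"redis_version": ver, "affected_by_CVE-2023-22458": is_affected(ver)}


if __name__ == "__main__":
    # The package version from this report is below 7.0.8, so it is affected.
    print("5:7.0.7-1 affected:", is_affected("5:7.0.7-1"))
    print(check_running_instance(SAMPLE_INFO_SERVER))
```

Feed `redis-cli INFO server` output into `check_running_instance` to test a live host; the version-only check is deliberately conservative and says nothing about whether a given build carries a backported fix, so a distribution changelog mentioning the CVE id (as requested above) remains the authoritative signal for patched packages.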