FreeBSD: VID-5FA68BD9-95D9-11ED-811A-080027F5FEC9 (CVE-2023-22458): redis -- multiple vulnerabilities

FreeBSD: VID-5FA68BD9-95D9-11ED-811A-080027F5FEC9 (CVE-2023-22458): redis -- multiple vulnerabilities

Severity

5

CVSS

(AV:L/AC:L/Au:S/C:N/I:N/A:C)

Published

01/16/2023

Created

01/20/2023

Added

01/18/2023

Modified

01/28/2025

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-5FA68BD9-95D9-11ED-811A-080027F5FEC9:

The Redis core team reports:

CVE-2022-35977

Integer overflow in the Redis SETRANGE and SORT/SORT_RO

commands can drive Redis to OOM panic.

CVE-2023-22458

Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER

commands can lead to denial-of-service.

Solution(s)

• freebsd-upgrade-package-redis
• freebsd-upgrade-package-redis-devel
• freebsd-upgrade-package-redis6
• freebsd-upgrade-package-redis62

References

• CVE-2023-22458