Vulnerability Details CVE-2023-22458

Redis is an in-memory database that persists on disk. Authenticated users can issue an `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial of service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9, as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.667
EPSS Ranking 98.4%
CVSS Severity
CVSS v3 Score 5.5
Products affected by CVE-2023-22458
  • Redis » Redis » Version: 6.2.0
    cpe:2.3:a:redis:redis:6.2.0
  • Redis » Redis » Version: 6.2.1
    cpe:2.3:a:redis:redis:6.2.1
  • Redis » Redis » Version: 6.2.2
    cpe:2.3:a:redis:redis:6.2.2
  • Redis » Redis » Version: 6.2.3
    cpe:2.3:a:redis:redis:6.2.3
  • Redis » Redis » Version: 6.2.4
    cpe:2.3:a:redis:redis:6.2.4
  • Redis » Redis » Version: 6.2.5
    cpe:2.3:a:redis:redis:6.2.5
  • Redis » Redis » Version: 6.2.6
    cpe:2.3:a:redis:redis:6.2.6
  • Redis » Redis » Version: 6.2.7
    cpe:2.3:a:redis:redis:6.2.7
  • Redis » Redis » Version: 6.2.8
    cpe:2.3:a:redis:redis:6.2.8
  • Redis » Redis » Version: 7.0.0
    cpe:2.3:a:redis:redis:7.0.0
  • Redis » Redis » Version: 7.0.1
    cpe:2.3:a:redis:redis:7.0.1
  • Redis » Redis » Version: 7.0.2
    cpe:2.3:a:redis:redis:7.0.2
  • Redis » Redis » Version: 7.0.3
    cpe:2.3:a:redis:redis:7.0.3
  • Redis » Redis » Version: 7.0.4
    cpe:2.3:a:redis:redis:7.0.4
  • Redis » Redis » Version: 7.0.5
    cpe:2.3:a:redis:redis:7.0.5
  • Redis » Redis » Version: 7.0.6
    cpe:2.3:a:redis:redis:7.0.6
  • Redis » Redis » Version: 7.0.7
    cpe:2.3:a:redis:redis:7.0.7

