Impact
Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion.
This problem affects Redis 6.2 or newer.
Patches
The problem is fixed in Redis versions 6.2.9 and 7.0.8.
Credit
This issue has been identified and reported by yype on GitHub.
For more information
If you have any questions or comments about this advisory:
Impact
Authenticated users can issue a
HRANDFIELDorZRANDMEMBERcommand with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion.This problem affects Redis 6.2 or newer.
Patches
The problem is fixed in Redis versions 6.2.9 and 7.0.8.
Credit
This issue has been identified and reported by yype on GitHub.
For more information
If you have any questions or comments about this advisory: