Impact
Authenticated users can issue a HRANDFIELD
or ZRANDMEMBER
command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion.
This problem affects Redis 6.2 or newer.
Patches
The problem is fixed in Redis versions 6.2.9 and 7.0.8.
Credit
This issue has been identified and reported by yype on GitHub.
For more information
If you have any questions or comments about this advisory:
Impact
Authenticated users can issue a
HRANDFIELD
orZRANDMEMBER
command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion.This problem affects Redis 6.2 or newer.
Patches
The problem is fixed in Redis versions 6.2.9 and 7.0.8.
Credit
This issue has been identified and reported by yype on GitHub.
For more information
If you have any questions or comments about this advisory: