Impact
Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.
This problem affects all Redis versions.
Patches
The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Credit
The issue has been identified by Yupeng Yang.
For more information
If you have any questions or comments about this advisory:
Impact
Authenticated users issuing specially crafted
SRANDMEMBER,ZRANDMEMBER, andHRANDFIELDcommands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.This problem affects all Redis versions.
Patches
The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.
Credit
The issue has been identified by Yupeng Yang.
For more information
If you have any questions or comments about this advisory: