From 2d8277f22647235c423c1343bcb73521127f7347 Mon Sep 17 00:00:00 2001
From: fydeng <dengfuyang@outlook.com>
Date: Sat, 15 Apr 2023 17:37:05 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0CVE-2023-22458?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 cve/redis/2023/CVE-2023-22458/README.md | 3 +++
 cve/redis/2023/README.md                | 3 +++
 2 files changed, 6 insertions(+)
 create mode 100644 cve/redis/2023/CVE-2023-22458/README.md
 create mode 100644 cve/redis/2023/README.md

diff --git a/cve/redis/2023/CVE-2023-22458/README.md b/cve/redis/2023/CVE-2023-22458/README.md
new file mode 100644
index 00000000..f1018e38
--- /dev/null
+++ b/cve/redis/2023/CVE-2023-22458/README.md
@@ -0,0 +1,3 @@
+Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+经过身份验证的用户可以发出带有特制参数的 HRANDFIELD 或 ZRANDMEMBER 命令，通过断言失败使 Redis 崩溃来触发拒绝服务。 此问题会影响 Redis 版本 6.2 或更高版本（但不包括 6.2.9）以及版本 7.0（但不包括 7.0.8）， 建议用户升级。 此漏洞没有已知的解决方法。
diff --git a/cve/redis/2023/README.md b/cve/redis/2023/README.md
new file mode 100644
index 00000000..2433ebfa
--- /dev/null
+++ b/cve/redis/2023/README.md
@@ -0,0 +1,3 @@
+Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
+
+经过身份验证的用户可以发出带有特制参数的 HRANDFIELD 或 ZRANDMEMBER 命令，通过断言失败使 Redis 崩溃来触发拒绝服务。 此问题会影响 Redis 版本 6.2 或更高版本（但不包括 6.2.9）以及版本 7.0（但不包括 7.0.8）， 建议用户升级。 此漏洞没有已知的解决方法
-- 
Gitee