Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28856

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

Published

2023-04-18T21:15:09.313

Last Modified

2024-11-21T07:56:10.077

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
CWE-617
Type: Primary
CWE-617

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redis	redis	< 6.0.19	Yes
Application	redis	redis	< 6.2.12	Yes
Application	redis	redis	< 7.0.11	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	36	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c Patch ([email protected])
https://github.com/redis/redis/pull/11149 Issue Tracking, Patch ([email protected])
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/ Mailing List, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230601-0007/ ([email protected])
https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/pull/11149 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230601-0007/ (af854a3a-2127-422b-91ae-364da2661108)