Vulnerability CVE-2023-28856: Information

Description

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-28856
Published: April 19, 2023
Modified: June 1, 2023
Error type identifier: CWE-617

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
redissisyphus7.0.12-alt17.2.4-alt1.1ALT-PU-2023-4982-3327278Fixed
redissisyphus_e2k7.0.12-alt17.2.4-alt1.1ALT-PU-2023-5079-1-Fixed
redissisyphus_riscv647.2.0-alt0.port7.2.4-alt0.portALT-PU-2023-5217-1-Fixed
redisp106.2.13-alt16.2.14-alt1ALT-PU-2023-5230-3327639Fixed
redisp10_e2k6.2.13-alt16.2.14-alt1ALT-PU-2023-5452-1-Fixed
redisc10f16.2.13-alt16.2.13-alt1ALT-PU-2023-5229-3327640Fixed
redisc9f26.2.13-alt16.2.13-alt1ALT-PU-2023-5487-2328853Fixed
redisp117.0.12-alt17.2.4-alt1.1ALT-PU-2023-4982-3327278Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c
  • Patch
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
  • Vendor Advisory
https://github.com/redis/redis/pull/11149
  • Issue Tracking
  • Patch
https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20230601-0007/

      1. Configuration 1

        cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
        Start including
        7.0.0
        End excliding
        7.0.11
        cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
        Start including
        6.2.0
        End excliding
        6.2.12
        cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
        End excliding
        6.0.19

        Configuration 2

        cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
        cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
        cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top