CVE-2023-28856

CVSS V2 None CVSS V3 None

Description

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

Overview

CVE ID
CVE-2023-28856

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-18T21:15:09

Last Modified Date
2023-04-21T17:15:07

Weakness Enumerations

CWE	URL
CWE-20	http://cwe.mitre.org/data/definitions/20.html

References

Reference URL	Reference Tags
https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c
https://github.com/redis/redis/pull/11149
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-28856
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28856

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 00:01:03				Added to TrackCVE
2023-04-19 00:01:05			Weakness Enumeration	new
2023-04-21 18:01:00		2023-04-21T17:15:07	CVE Modified Date	updated
2023-04-21 18:01:04			References	updated
2023-04-25 16:01:33	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated