Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
References
Link | Resource |
---|---|
https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c | Patch |
https://github.com/redis/redis/pull/11149 | Issue Tracking Patch |
https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 | Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/ | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20230601-0007/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-18T20:50:03.691Z
Updated: 2023-04-18T20:50:03.691Z
Reserved: 2023-03-24T16:25:34.468Z
Link: CVE-2023-28856
JSON object: View
NVD Information
Status : Modified
Published: 2023-04-18T21:15:09.313
Modified: 2023-06-01T14:15:11.300
Link: CVE-2023-28856
JSON object: View
Redhat Information
No data.