Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-28425

Опубликовано: 20 мар. 2023
Источник: redhat
CVSS3: 5.5
EPSS Средний

Описание

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

A command injection flaw was discovered in Redis, which exists due to a reachable assertion when handling the MSETNX command. By sending a specially crafted MSETNX command, a local authenticated attacker can cause a denial of service condition by terminating the Redis server process.

Отчет

The vulnerability was introduced in Redis v7.0.8. Red Hat enterprise Linux - 8, 9 ships Redis v6.x.x and lower, which does not contain the vulnerable code. Hence, not-affected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-backend-containerNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Not affected
Red Hat Ansible Automation Platform 1.2ansible-towerNot affected
Red Hat Enterprise Linux 8redis:6/redisNot affected
Red Hat Enterprise Linux 9redisNot affected
Red Hat Fuse 7redisNot affected
Red Hat OpenStack Platform 13 (Queens)redisNot affected
Red Hat Quay 3quay/quay-rhel8Not affected
Red Hat Satellite 6satellite:el8/rubygem-gitlab-sidekiq-fetcherNot affected
Red Hat Software Collectionsrh-redis6-redisNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=2180268redis: Specially crafted MSETNX command can lead to denial-of-service

EPSS

Процентиль: 96%
0.27369
Средний

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-28425

CVSS3: 5.5
ubuntu
больше 2 лет назад

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

nvd логотип

CVE-2023-28425

CVSS3: 5.5
nvd
больше 2 лет назад

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

msrc логотип

CVE-2023-28425

CVSS3: 5.5
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-28425

CVSS3: 5.5
debian
больше 2 лет назад

Redis is an in-memory database that persists on disk. Starting in vers ...

redos логотип

ROS-20230407-02

CVSS3: 5.5
redos
около 2 лет назад

Уязвимость Redis

EPSS

Процентиль: 96%
0.27369
Средний

5.5 Medium

CVSS3