exploitDog

CVE-2023-28856

Published: 17 Apr 2023
Source: redhat
CVSS3: 5.5

Description

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Affected | | |
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Not affected | | |
| Red Hat Enterprise Linux 9 | redis | Will not fix | | |
| Red Hat Fuse 7 | redis | Not affected | | |
| Red Hat OpenStack Platform 13 (Queens) | redis | Out of support scope | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Affected | | |
| Red Hat Satellite 6 | satellite:el8/rubygem-gitlab-sidekiq-fetcher | Not affected | | |
| Red Hat Software Collections | rh-redis6-redis | Will not fix | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-governance-policy-addon-controller-container | Fixed | RHSA-2023:3326 | 26.05.2023 |

Additional information

Status: Moderate
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2187525 redis: Insufficient validation of HINCRBYFLOAT command

5.5 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 3 years ago

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS3: 5.5
nvd
almost 3 years ago

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS3: 6.5
msrc
almost 3 years ago

No description available

CVSS3: 5.5
debian
almost 3 years ago

Redis is an open source, in-memory database that persists on disk. Aut ...

CVSS3: 6.5
fstec
almost 3 years ago

A vulnerability in the Redis database management system (DBMS) related to insufficient validation of input data, allowing an attacker to cause a denial of service
