Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-28856

Опубликовано: 17 апр. 2023
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

A vulnerability was found in Redis. This flaw allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that may crash Redis on access.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-backend-containerNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Affected
Red Hat Ansible Automation Platform 1.2ansible-towerNot affected
Red Hat Enterprise Linux 9redisWill not fix
Red Hat Fuse 7redisNot affected
Red Hat OpenStack Platform 13 (Queens)redisOut of support scope
Red Hat Quay 3quay/quay-rhel8Affected
Red Hat Satellite 6satellite:el8/rubygem-gitlab-sidekiq-fetcherNot affected
Red Hat Software Collectionsrh-redis6-redisWill not fix
Red Hat Advanced Cluster Management for Kubernetes 2acm-governance-policy-addon-controller-containerFixedRHSA-2023:332626.05.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2187525redis: Insufficient validation of HINCRBYFLOAT command

EPSS

Процентиль: 34%
0.00133
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-28856

CVSS3: 5.5
ubuntu
около 2 лет назад

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

nvd логотип

CVE-2023-28856

CVSS3: 5.5
nvd
около 2 лет назад

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

msrc логотип

CVE-2023-28856

CVSS3: 6.5
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-28856

CVSS3: 5.5
debian
около 2 лет назад

Redis is an open source, in-memory database that persists on disk. Aut ...

redos логотип

ROS-20230619-02

CVSS3: 6.5
redos
около 2 лет назад

Уязвимость Redis

EPSS

Процентиль: 34%
0.00133
Низкий

5.5 Medium

CVSS3