CVE-2023-28856
Published: 18 April 2023
Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.
Priority
Status
Package | Release | Status |
---|---|---|
redis Launchpad, Ubuntu, Debian |
bionic |
Released
(5:4.0.9-1ubuntu0.2+esm4)
Available with Ubuntu Pro |
focal |
Released
(5:5.0.7-2ubuntu0.1+esm2)
Available with Ubuntu Pro |
|
jammy |
Released
(5:6.0.16-1ubuntu1+esm1)
Available with Ubuntu Pro |
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
mantic |
Needs triage
|
|
trusty |
Released
(2:2.8.4-2ubuntu0.2+esm3)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
upstream |
Released
(5:7.0.11-1)
|
|
xenial |
Released
(2:3.0.6-1ubuntu0.4+esm2)
Available with Ubuntu Pro |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
- https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
- https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11)
- https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b (6.2.12)
- https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c
- https://github.com/redis/redis/pull/11149
- https://ubuntu.com/security/notices/USN-6531-1
- https://www.cve.org/CVERecord?id=CVE-2023-28856
- NVD
- Launchpad
- Debian