CVE-2023-28425

Name: CVE-2023-28425
Description: Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.
NVD Severity: medium

References

Type | URI
MISC | https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c
MISC | https://github.com/redis/redis/releases/tag/7.0.10
MISC | https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9
MISC | https://security.netapp.com/advisory/ntap-20230413-0005/

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:* | redis | >= None | < 7.0.10
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:* | redis | >= 7.0.8 | < 7.0.10

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
redis | 3.14-main | 6.2.12-r0 | TBK <alpine@jjtc.eu> | possibly vulnerable
redis | 3.15-main | 6.2.14-r0 | TBK <alpine@jjtc.eu> | possibly vulnerable