Lucene search
Gentoo FoundationMGASA-2023-0156HistoryApr 24, 2023 - 3:20 a.m.
Updated redis packages fix security vulnerability
2023-04-2403:20:26
Gentoo Foundation
advisories.mageia.org
11
redis
security vulnerability
authenticated users
hincrbyfloat command
invalid hash field
redis crash
cve-2023-28856
unix
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
53.5%
Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access. (CVE-2023-28856)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | redis | < 6.0.19-1 | redis-6.0.19-1.mga8 |
Related
cbl_mariner
cbl_mariner
CVE-2023-28856 affecting package redis 6.2.11-1
2023-05-25 17:55:45
CVE-2023-28856 affecting package redis for versions less than 6.2.12-1
2023-05-25 09:38:10
debian
debian
[SECURITY] [DLA 3396-1] redis security update
2023-04-21 15:00:01
nessus
nessus
FreeBSD : redis -- HINCRBYFLOAT can be used to crash a redis-server process (96b2d4db-ddd2-11ed-b6ea-080027f5fec9)
2023-05-08 00:00:00
Fedora 36 : redis (2023-04239b5758)
2023-04-26 00:00:00
Fedora 37 : redis (2023-5b6510a584)
2023-04-26 00:00:00
osv
osv
CVE-2023-28856
2023-04-18 21:15:09
redis - security update
2023-04-21 00:00:00
BIT-redis-2023-28856
2024-03-06 11:04:14
fedora
fedora
[SECURITY] Fedora 36 Update: redis-6.2.12-1.fc36
2023-04-27 01:30:44
[SECURITY] Fedora 37 Update: redis-7.0.11-1.fc37
2023-04-27 00:36:29
[SECURITY] Fedora 38 Update: redis-7.0.11-1.fc38
2023-04-27 01:25:14
openvas
openvas
Redis < 6.0.19, 6.2.x < 6.2.12, 7.0.x < 7.0.11 DoS Vulnerability
2023-04-19 00:00:00
Debian: Security Advisory (DLA-3396-1)
2023-04-24 00:00:00
Fedora: Security Advisory for redis (FEDORA-2023-5b6510a584)
2023-04-27 00:00:00
redhatcve
redhatcve
CVE-2023-28856
2023-04-17 20:31:50
redos
redos
ROS-20230619-02
2023-06-19 00:00:00
freebsd
freebsd
redis -- HINCRBYFLOAT can be used to crash a redis-server process
2023-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2023-28856
2023-04-18 00:00:00
prion
prion
Command injection
2023-04-18 21:15:00
nvd
nvd
CVE-2023-28856
2023-04-18 21:15:09
veracode
veracode
Improper Input Validation
2023-04-26 13:47:14
cve
cve
CVE-2023-28856
2023-04-18 21:15:09
debiancve
debiancve
CVE-2023-28856
2023-04-18 21:15:09
cvelist
cvelist
CVE-2023-28856 `HINCRBYFLOAT` can be used to crash a redis-server process
2023-04-18 20:50:03
ibm
ibm
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0001
2023-05-02 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0570
2023-04-25 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0380
2023-04-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2174
2023-06-27 07:49:03
ubuntu
ubuntu
Redis vulnerabilities
2023-12-05 00:00:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
53.5%
Related for MGASA-2023-0156