PT-2023-2221 · Redis+4 · Redis+4

Yupeng Yang

Publicado

2023-03-20

Atualizado

2025-10-21

CVE-2023-28425

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Redis versions 7.0.8 through 7.0.9

Description The issue is related to the lack of input data sanitization in the Redis database management system. Exploitation of this issue may allow an attacker to send a specially crafted MSETNX command, causing a denial of service and terminating the Redis server process. Authenticated users can trigger a runtime assertion using the MSETNX command.

Recommendations For Redis versions 7.0.8 through 7.0.9, update to Redis version 7.0.10 to resolve the issue. As a temporary workaround, consider restricting access to the MSETNX command until a patch is available.

Exploit

Correção

Assertion Failure

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-617CWE-77

Identificadores relacionados

ALT-PU-2023-4982

ALT-PU-2025-11673

ALT-PU-2025-13204

AZL-25674

BDU:2023-01970

BIT-KEYDB-2023-28425

BIT-REDIS-2023-28425

BIT-VALKEY-2023-28425

CVE-2023-28425

GHSA-MVMM-4VQ6-VW8C

OPENSUSE-SU-2023_2925-1

OPENSUSE-SU-2024:12874-1

SUSE-SU-2023:2925-1

SUSE-SU-2023_2925-1

Produtos afetados

Alt Linux

Astra Linux

Red Os

Redis

Suse

PT-2023-2221 · Redis+4 · Redis+4

CVE-2023-28425

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 42