PT-2023-2221 · Redis+4

Yupeng Yang · Published 2023-03-20 · Updated 2025-10-21 · CVE-2023-28425

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Redis versions 7.0.8 through 7.0.9

Description: The issue stems from missing input sanitization in the Redis database management system. An authenticated user can send a specially crafted MSETNX command that triggers a runtime assertion, causing a denial of service by terminating the Redis server process.

Recommendations: For Redis versions 7.0.8 through 7.0.9, update to Redis version 7.0.10 to resolve the issue. As a temporary workaround, consider restricting access to the MSETNX command until the patch can be applied.
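As an added example (not part of the advisory or of Redis itself), a POSIX sh helper that checks whether a reported redis_version falls in the affected 7.0.8 through 7.0.9 range and prints the ACL rule implementing the advisory's interim workaround; the user name `app` and the INFO sample below are constructed.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2023-28425 (not from the advisory).

# Return 0 when VERSION (e.g. "7.0.9") is in the affected range 7.0.8..7.0.9.
redis_affected_by_cve_2023_28425() {
  major=${1%%.*}
  rest=${1#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  patch=${patch%%[!0-9]*}        # drop any suffix such as "-rc1"
  if [ "$major" = 7 ] && [ "$minor" = 0 ] && { [ "$patch" = 8 ] || [ "$patch" = 9 ]; }; then
    return 0
  fi
  return 1
}

# Extract the version from the "redis_version:" line of INFO server output
# (lines may end in CR LF, which the trailing ".*" absorbs).
redis_version_from_info() {
  printf '%s\n' "$1" | sed -n 's/^redis_version:\([0-9.]*\).*/\1/p'
}

# Interim workaround from the advisory: remove MSETNX from a user's allowed
# commands. Apply with redis-cli; if an aclfile is configured, follow with
# "ACL SAVE" so the rule survives a restart. Upgrading to 7.0.10 is the fix.
msetnx_deny_rule() {
  printf 'ACL SETUSER %s -msetnx' "$1"
}

# Constructed sample of "INFO server" output from an affected instance.
SAMPLE_INFO='# Server
redis_version:7.0.9
redis_mode:standalone'

ver=$(redis_version_from_info "$SAMPLE_INFO")
if redis_affected_by_cve_2023_28425 "$ver"; then
  echo "redis $ver is affected by CVE-2023-28425; interim rule:"
  msetnx_deny_rule app; echo
else
  echo "redis $ver is not in the affected range"
fi
```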

Exploit · Fix

Weakness Enumeration: Assertion Failure, Command Injection

Related Identifiers

ALT-PU-2023-4982
ALT-PU-2025-11673
ALT-PU-2025-13204
AZL-25674
BDU:2023-01970
BIT-KEYDB-2023-28425
BIT-REDIS-2023-28425
BIT-VALKEY-2023-28425
CVE-2023-28425
GHSA-MVMM-4VQ6-VW8C
OPENSUSE-SU-2023_2925-1
OPENSUSE-SU-2024:12874-1
SUSE-SU-2023:2925-1
SUSE-SU-2023_2925-1

Affected Products

ALT Linux
Astra Linux
RED OS
Redis
SUSE