CVE-2023-28856: `HINCRBYFLOAT` can be used to crash a redis-server process
First published: Mon Apr 17 2023(Updated: )
Redis is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted HINCRBYFLOAT command, a local authenticated attacker could exploit this vulnerability to cause the redis-server process to crash.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redis Redis | <6.0.19 | |
| Redis Redis | >=6.2.0<6.2.12 | |
| Redis Redis | >=7.0.0<7.0.11 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| IBM Planning Analytics | <=2.0 | |
| ubuntu/redis | <5:4.0.9-1ubuntu0.2+ | 5:4.0.9-1ubuntu0.2+ |
| ubuntu/redis | <5:7.0.11-1 | 5:7.0.11-1 |
| ubuntu/redis | <5:5.0.7-2ubuntu0.1+ | 5:5.0.7-2ubuntu0.1+ |
| ubuntu/redis | <5:6.0.16-1ubuntu1+ | 5:6.0.16-1ubuntu1+ |
| ubuntu/redis | <2:2.8.4-2ubuntu0.2+ | 2:2.8.4-2ubuntu0.2+ |
| ubuntu/redis | <2:3.0.6-1ubuntu0.4+ | 2:3.0.6-1ubuntu0.4+ |
| redhat/redis | <7.0.11 | 7.0.11 |
| redhat/redis | <6.2.12 | 6.2.12 |
| redhat/redis | <6.0.19 | 6.0.19 |
| debian/redis | <=5:5.0.14-1+deb10u2<=5:6.0.16-1+deb11u2 | 5:5.0.14-1+deb10u5 5:7.0.15-1~deb12u1 5:7.0.15-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2023-28856 https://nvd.nist.gov/vuln/detail/CVE-2023-28856 https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
- https://bugzilla.redhat.com/show_bug.cgi?id=2187525
- https://access.redhat.com/errata/RHSA-2023:3326
- https://access.redhat.com/security/cve/cve-2023-28856
- https://github.com/redis/redis/commit/bc7fe41e5857a0854d524e2a63a028e9394d2a5c
- https://github.com/redis/redis/pull/11149
- https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6
- https://lists.debian.org/debian-lts-announce/2023/04/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQ4DJSO4DMR55AWK6OPVJH5UTEB35R2Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPUTH7NBQTZDVJWFNUD24ZCS6NDUFYS6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQGKMKSQE67L32HE6W5EI2I2YKW5VWHI/
- https://security.netapp.com/advisory/ntap-20230601-0007/
- https://launchpad.net/bugs/cve/CVE-2023-28856
- https://exchange.xforce.ibmcloud.com/vulnerabilities/253237
- https://www.ibm.com/support/pages/node/7096528 (Advisory)
- https://github.com/redis/redis/releases/tag/7.0.11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2187526
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2187527
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2187528
- https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073
- https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b
- https://security-tracker.debian.org/tracker/CVE-2023-28856
- https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11)
- https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b (6.2.12)
- https://ubuntu.com/security/notices/USN-6531-1
- https://www.cve.org/CVERecord?id=CVE-2023-28856
- https://nvd.nist.gov/vuln/detail/CVE-2023-28856
- https://ubuntu.com/security/CVE-2023-28856
Frequently Asked Questions
What is CVE-2023-28856?
CVE-2023-28856 is a vulnerability found in Redis that allows authenticated users to use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access.
What is the severity of CVE-2023-28856?
CVE-2023-28856 has a severity rating of 6.5, which is classified as medium.
How can I exploit the CVE-2023-28856 vulnerability?
To exploit CVE-2023-28856, an attacker needs to be an authenticated user and use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access.
How can I fix CVE-2023-28856?
To fix CVE-2023-28856, update Redis to version 7.0.11, 6.2.12, or 6.0.19.
Where can I find more information about CVE-2023-28856?
You can find more information about CVE-2023-28856 in the reference links: https://github.com/redis/redis/releases/tag/7.0.11, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2187526, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2187527
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-28856
- agent/last-modified-date
- agent/trending
- vendor/redis
- canonical/redis redis
- version/redis redis/6.2.0
- version/redis redis/7.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- vendor/ibm
- canonical/ibm planning analytics
- version/ibm planning analytics/2.0
- package-manager/debian
- package-manager/ubuntu
- package-manager/redhat