CVE-2023-28856:
- The vulnerability allows a remote user to perform a denial of service (DoS) attack.
- The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access.

Vulnerable software versions: Redis: 7.0.0 - 7.0.10, 6.2.0 - 6.2.11, 6.0.0 - 6.0.18

References: https://github.com/redis/redis/releases/tag/7.0.11
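As an added triage aid (not part of the bug report or of Redis itself), the following script reads the `redis_version` field from the output of the Redis `INFO server` command and checks it against the affected ranges listed above; the sample INFO text is constructed, and only the three branches named in the advisory are checked.

```python
import re

# Affected version ranges (inclusive) as stated in the advisory above.
# Branches not listed there (e.g. 7.2.x) are reported as not affected.
AFFECTED_RANGES = [
    ((7, 0, 0), (7, 0, 10)),
    ((6, 2, 0), (6, 2, 11)),
    ((6, 0, 0), (6, 0, 18)),
]


def parse_version(version):
    """Turn '7.0.9' (or '7.0.9-rc1') into a comparable (major, minor, patch) tuple."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    while len(parts) < 3:          # pad short strings such as '7.0'
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True if the version falls inside one of the advisory's affected ranges."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def version_from_info(info_text):
    """Extract the redis_version value from 'INFO server' output."""
    for line in info_text.splitlines():
        line = line.strip()
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("redis_version not found in INFO output")


def assess(info_text):
    version = version_from_info(info_text)
    return {"version": version, "affected": is_affected(version)}


# Constructed sample of 'INFO server' output (not captured from a real host).
SAMPLE_INFO = """# Server
redis_version:7.0.9
redis_mode:standalone
"""

if __name__ == "__main__":
    print(assess(SAMPLE_INFO))   # {'version': '7.0.9', 'affected': True}
```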
Created redis tracking bugs for this issue:
Affects: epel-7 [bug 2187526]
Affects: fedora-36 [bug 2187527]
Affects: fedora-37 [bug 2187528]
This issue has been addressed in the following products:
Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8
Via RHSA-2023:3326 https://access.redhat.com/errata/RHSA-2023:3326
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-28856