2180268 – (CVE-2023-28425) CVE-2023-28425 redis: Specially crafted MSETNX command can lead to denial-of-service

Bug 2180268 (CVE-2023-28425) - CVE-2023-28425 redis: Specially crafted MSETNX command can lead to denial-of-service

Summary: CVE-2023-28425 redis: Specially crafted MSETNX command can lead to denial-of-...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2023-28425
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2180753
Blocks:	2180269
TreeView+	depends on / blocked

Reported:	2023-03-21 04:50 UTC by Sandipan Roy
Modified:	2023-03-31 15:23 UTC (History)
CC List:	54 users (show)
Fixed In Version:	redis 7.0.10
Doc Type:	If docs needed, set a value
Doc Text:	A command injection flaw was discovered in Redis, which exists due to a reachable assertion when handling the MSETNX command. By sending a specially crafted MSETNX command, a local authenticated attacker can cause a denial of service condition by terminating the Redis server process.
Clone Of:
Environment:
Last Closed:	2023-03-31 15:23:26 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sandipan Roy 2023-03-21 04:50:52 UTC

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c
https://github.com/redis/redis/releases/tag/7.0.10
https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9

Comment 1 TEJ RATHI 2023-03-22 08:11:22 UTC

Created redis tracking bugs for this issue:

Affects: fedora-37 [bug 2180753]

Comment 2 TEJ RATHI 2023-03-22 08:13:36 UTC

The vulnerability was introduced in Redis v7.0.8. Red Hat enterprise Linux - 8, 9 ships Redis v6.x.x and lower, which does not contain the vulnerable code. Hence, not-affected.

Comment 3 Product Security DevOps Team 2023-03-31 15:23:21 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-28425

Note You need to log in before you can comment on or make changes to this bug.

aileenc
amackenz
amasferr
apevec
bbuckingham
bcourt
bdettelb
chazlett
cwelton
davidn
eglynn
ehelms
epacific
gmalinko
gparvin
hhorak
janstey
jcammara
jhardy
jjoyce
jneedle
jobarker
jorton
jpavlik
jsherril
lhh
lzap
mabashia
mburns
mgarciac
mhulan
mkudlej
myarboro
nathans
njean
nmoumoul
orabin
osapryki
owatkins
pahickey
pcreech
pdelbell
rchan
rcollet
redis-maint
rhos-maint
simaishi
smcdonal
spower
stcannon
teagle
tjochec
yguenane
zsadeh