FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- HINCRBYFLOAT can be used to crash a redis-server process

Affected packages
		redis	<	7.0.11
		redis62	<	6.2.12
		redis6	<	6.0.19

Details

VuXML ID	96b2d4db-ddd2-11ed-b6ea-080027f5fec9
Discovery	2023-04-17
Entry	2023-05-08

Redis core team reports:

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access.

[source]

References

CVE Name	CVE-2023-28856
URL	https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.