CVE-2023-28425 - Vulnerability Details - OpenCVE

Description

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

Published: 2023-03-20

Score: 5.5 Medium

EPSS: 45.3% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

redis

redis

affected

Version	Status	Constraints
`>= 7.0.8, < 7.0.10`	affected	—

Configuration 1 [-]

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.45293.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9
https://github.com/redis/redis/releases/tag/7.0.10
https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c
https://nvd.nist.gov/vuln/detail/CVE-2023-28425
https://security.netapp.com/advisory/ntap-20230413-0005/
https://www.cve.org/CVERecord?id=CVE-2023-28425

History

Tue, 25 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Redis Redis

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-20T19:03:37.983Z

Updated: 2025-02-25T14:52:01.127Z

Reserved: 2023-03-15T15:59:10.047Z

Link: CVE-2023-28425

Vulnrichment

Updated: 2024-08-02T12:38:25.331Z

NVD

Status : Modified

Published: 2023-03-20T20:15:52.787

Modified: 2024-11-21T07:55:02.423

Link: CVE-2023-28425

Redhat

Severity : Moderate

Publid Date: 2023-03-20T00:00:00Z

Links: CVE-2023-28425 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28425", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-15T15:59:10.047Z", "datePublished": "2023-03-20T19:03:37.983Z", "dateUpdated": "2025-02-25T14:52:01.127Z"}, "containers": {"cna": {"title": "Specially crafted MSETNX command can lead to denial-of-service", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"url": "https://security.netapp.com/advisory/ntap-20230413-0005/"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": ">= 7.0.8, < 7.0.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-13T16:06:24.342Z"}, "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10."}], "source": {"advisory": "GHSA-mvmm-4vq6-vw8c", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.331Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"url": "https://security.netapp.com/advisory/ntap-20230413-0005/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-25T14:28:29.443473Z", "id": "CVE-2023-28425", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T14:52:01.127Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/redis/redis/releases/tag/7.0.10", "name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20230413-0005/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.331Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-28425", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-25T14:28:29.443473Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-25T14:28:30.768Z"}}], "cna": {"title": "Specially crafted MSETNX command can lead to denial-of-service", "source": {"advisory": "GHSA-mvmm-4vq6-vw8c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"status": "affected", "version": ">= 7.0.8, < 7.0.10"}]}], "references": [{"url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/redis/redis/releases/tag/7.0.10", "name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": ["x_refsource_MISC"]}, {"url": "https://security.netapp.com/advisory/ntap-20230413-0005/"}], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-13T16:06:24.342Z"}}}, "cveMetadata": {"cveId": "CVE-2023-28425", "state": "PUBLISHED", "dateUpdated": "2025-02-25T14:52:01.127Z", "dateReserved": "2023-03-15T15:59:10.047Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-03-20T19:03:37.983Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3A3D6B1-C1A2-420D-9AD7-F9F6F04E6CFD", "versionEndExcluding": "7.0.10", "versionStartIncluding": "7.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10."}], "id": "CVE-2023-28425", "lastModified": "2024-11-21T07:55:02.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-20T20:15:52.787", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20230413-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230413-0005/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "redis: Specially crafted MSETNX command can lead to denial-of-service", "id": "2180268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180268"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-77", "details": ["Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.", "A command injection flaw was discovered in Redis, which exists due to a reachable assertion when handling the MSETNX command. By sending a specially crafted MSETNX command, a local authenticated attacker can cause a denial of service condition by terminating the Redis server process."], "name": "CVE-2023-28425", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "redis:6/redis", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/rubygem-gitlab-sidekiq-fetcher", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2023-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28425\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28425\nhttps://github.com/redis/redis/releases/tag/7.0.10\nhttps://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"], "statement": "The vulnerability was introduced in Redis v7.0.8. Red Hat enterprise Linux - 8, 9 ships Redis v6.x.x and lower, which does not contain the vulnerable code. Hence, not-affected.", "threat_severity": "Moderate"}