CVE-2023-28425 - OpenCVE

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redis	Redis

Configuration 1 [-]

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9
https://github.com/redis/redis/releases/tag/7.0.10
https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c
https://nvd.nist.gov/vuln/detail/CVE-2023-28425
https://security.netapp.com/advisory/ntap-20230413-0005/
https://www.cve.org/CVERecord?id=CVE-2023-28425

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-03-20T19:03:37.983Z

Updated: 2024-08-02T12:38:25.331Z

Reserved: 2023-03-15T15:59:10.047Z

Link: CVE-2023-28425

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-20T20:15:52.787

Modified: 2023-04-13T17:15:19.497

Link: CVE-2023-28425

Redhat

Severity : Moderate

Publid Date: 2023-03-20T00:00:00Z

Links: CVE-2023-28425 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28425", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-03-15T15:59:10.047Z", "datePublished": "2023-03-20T19:03:37.983Z", "dateUpdated": "2024-08-02T12:38:25.331Z"}, "containers": {"cna": {"title": "Specially crafted MSETNX command can lead to denial-of-service", "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "lang": "en", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"url": "https://security.netapp.com/advisory/ntap-20230413-0005/"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": ">= 7.0.8, < 7.0.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-20T19:03:37.983Z"}, "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10."}], "source": {"advisory": "GHSA-mvmm-4vq6-vw8c", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:38:25.331Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"name": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.10", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"url": "https://security.netapp.com/advisory/ntap-20230413-0005/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3A3D6B1-C1A2-420D-9AD7-F9F6F04E6CFD", "versionEndExcluding": "7.0.10", "versionStartIncluding": "7.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10."}], "id": "CVE-2023-28425", "lastModified": "2023-04-13T17:15:19.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-03-20T20:15:52.787", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.10"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"}, {"source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20230413-0005/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "redis: Specially crafted MSETNX command can lead to denial-of-service", "id": "2180268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180268"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-77", "details": ["Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.", "A command injection flaw was discovered in Redis, which exists due to a reachable assertion when handling the MSETNX command. By sending a specially crafted MSETNX command, a local authenticated attacker can cause a denial of service condition by terminating the Redis server process."], "name": "CVE-2023-28425", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/search-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Not affected", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "redis:6/redis", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "satellite:el8/rubygem-gitlab-sidekiq-fetcher", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2023-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-28425\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28425\nhttps://github.com/redis/redis/releases/tag/7.0.10\nhttps://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c"], "statement": "The vulnerability was introduced in Redis v7.0.8. Red Hat enterprise Linux - 8, 9 ships Redis v6.x.x and lower, which does not contain the vulnerable code. Hence, not-affected.", "threat_severity": "Moderate", "upstream_fix": "redis 7.0.10"}