CVE-2023-28856 - Reachable Assertion vulnerability in multiple products

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network
low complexity
redis
debian
fedoraproject
CWE-617

Summary

Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue.

Vulnerable Configurations

Part         Description    Count
Application  Redis          180
OS           Debian         1
OS           Fedoraproject  3

Common Weakness Enumeration (CWE)