From 813c162637fcd998bd99215e30e52c5cccd084ba Mon Sep 17 00:00:00 2001
From: Yasuhiro Kimura
Date: Tue, 21 Mar 2023 14:47:49 +0900
Subject: security/vuxml: Document denial-of-service vulnerability in redis
---
 security/vuxml/vuln/2023.xml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index e1ebe5cdd044..fb52f9cc03fe 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,37 @@ + + redis -- specially crafted MSETNX command can lead to denial-of-service + + + redis + 7.0.10 + + + redis-devel + 7.0.10.20230320 + + + + +

Yupeng Yang reports:

+
+

+ Authenticated users can use the MSETNX command to trigger + a runtime assertion and termination of the Redis server + process. +

+
+ +
+ + CVE-2023-28425 + https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c + + + 2023-03-20 + 2023-03-21 + +
+ curl -- multiple vulnerabilities
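
Review bot: the affected ranges for redis and redis-devel each carry a single version bound (7.0.10 and 7.0.10.20230320) with no first-affected version, so every older install of either package would be reported as vulnerable. If the linked advisory (GHSA-mvmm-4vq6-vw8c) names the release where the MSETNX assertion was introduced, add that as a lower bound on both ranges. The entry also covers only these two package names; if other redis branch ports are in the tree, either list them or state in the commit message that they are unaffected.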