FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- HINCRBYFLOAT can be used to crash a redis-server process

Affected packages
redis < 7.0.11
redis62 < 6.2.12
redis6 < 6.0.19

Details

VuXML ID 96b2d4db-ddd2-11ed-b6ea-080027f5fec9
Discovery 2023-04-17
Entry 2023-05-08

Redis core team reports:

Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that may later crash Redis on access.

References

CVE Name CVE-2023-28856
URL https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6