FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- specially crafted MSETNX command can lead to denial-of-service

Affected packages
redis < 7.0.10
redis-devel < 7.0.10.20230320

Details

VuXML ID a60cc0e4-c7aa-11ed-8a4b-080027f5fec9
Discovery 2023-03-20
Entry 2023-03-21

Yupeng Yang reports:

Authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process.

References

CVE Name CVE-2023-28425
URL https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c