http://bugzilla.opensuse.org/show_bug.cgi?id=1209528 Bug ID: 1209528 Summary: VUL-0: CVE-2023-28425: redis: specially crafted MSETNX command can lead to assertion and denial-of-service Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: danilo.spinella@suse.com Reporter: Andreas.Stieger@gmx.de QA Contact: security-team@suse.de Found By: --- Blocker: --- It was discovered that in redis before 7.0.10 authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. Affects redis >= 7.0.8, fixed in 7.0.10. CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5) https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c https://github.com/redis/redis/releases/tag/7.0.10 https://github.com/redis/redis/blob/7.0.10/00-RELEASENOTES https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25... -- You are receiving this mail because: You are on the CC list for the bug.