CVE-2023-28425
published 2023-03-20


Priority: P339 (medium)
CVSS 3.1: 5.5 (medium), vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 54.98% (98.9th percentile)
Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.

Affected (12 ranges)

Vendor  Product                                 Version range                   Fixed in
debian  redis                                   < redis 5:7.0.10-1 (bookworm)   redis 5:7.0.10-1 (bookworm)
msrc    cbl2_redis_6.2.12-1_on_cbl_mariner_2.0
msrc    cbl_mariner_1.0_arm
msrc    cbl_mariner_1.0_x64
msrc    cbl_mariner_2.0_arm
msrc    cbl_mariner_2.0_x64
msrc    cm1_redis_6.2.11-1_on_cbl_mariner_1.0
redis   redis
redis   redis                                   >= 0 < 5:7.0.10-1               5:7.0.10-1
redis   redis                                   >= 0 < 5:7.0.10-1               5:7.0.10-1
redis   redis                                   >= 0 < 5:7.0.10-1               5:7.0.10-1
redis   redis                                   >= 7.0.8 < 7.0.10               7.0.10

Detection & IOCs (extracted from sources)

  • Trigger condition: authenticated users sending the MSETNX command to a Redis 7.0.8–7.0.9 server can cause a runtime assertion and process termination (DoS).
  • The vulnerability was introduced in Redis v7.0.8 and is only present in that specific version range; Redis v6.x and below are NOT affected, which can be used to filter alerts.
  • A specially crafted MSETNX command is the attack vector; monitor Redis command logs for MSETNX usage followed by unexpected server process crashes.
  • Only Redis versions 7.0.8 and 7.0.9 are vulnerable; the fix is present in 7.0.10 and later. Deployments running Redis ≤7.0.7 or ≥7.0.10 are not affected.
  • Exploitation requires an authenticated session; unauthenticated attackers cannot trigger this vulnerability.
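The two checks the bullets above describe (is the deployment inside the 7.0.8–7.0.9 window, and did an MSETNX call precede an unexpected crash) as an added example; this is not code from the advisory record, from Redis or from any listed vendor. The `MONITOR` line layout follows Redis's real `MONITOR` output, but the sample lines themselves, the epoch-prefixed server-log format and the crash marker string `REDIS BUG REPORT START` are constructed assumptions for the example.

```python
"""Triage helpers for CVE-2023-28425 (Redis MSETNX assertion DoS).

Added example, not part of the advisory record. All log lines are constructed;
the server-log format and crash marker are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Affected window stated by the advisory: >= 7.0.8 and < 7.0.10.
AFFECTED_MIN = (7, 0, 8)
FIXED_IN = (7, 0, 10)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract an (x, y, z) upstream version from '7.0.9', '5:7.0.10-1' or
    'redis 5:7.0.10-1 (bookworm)'. The Debian epoch prefix and revision suffix
    are ignored because the advisory's range is expressed in upstream terms."""
    m = re.search(r"(?:\d+:)?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())  # type: ignore[return-value]


def is_affected(version_text: str) -> bool:
    """True only for the 7.0.8 <= version < 7.0.10 window."""
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_IN


# Real Redis MONITOR layout: "<epoch.micro> [<db> <addr:port>] "CMD" "arg" ..."
MONITOR_RE = re.compile(r'^(\d+\.\d+) \[(\d+) ([^\]]+)\] "([^"]+)"')
# Assumed marker for an assertion failure in the server log (constructed).
CRASH_MARKER = "REDIS BUG REPORT START"


@dataclass
class Finding:
    client: str        # addr:port that issued MSETNX
    command_ts: float  # epoch time of the MSETNX call
    crash_ts: float    # epoch time of the following crash marker


def correlate(monitor_lines: Sequence[str], server_log_lines: Sequence[str],
              window_seconds: float = 5.0) -> List[Finding]:
    """Return each MSETNX call that was followed, within window_seconds, by a
    crash marker in the server log. Server-log lines are assumed to start with
    an epoch timestamp (constructed format for this example)."""
    crash_times = [float(line.split(" ", 1)[0])
                   for line in server_log_lines if CRASH_MARKER in line]
    findings: List[Finding] = []
    for line in monitor_lines:
        m = MONITOR_RE.match(line)
        if not m:
            continue
        ts_text, _db, client, command = m.groups()
        if command.upper() != "MSETNX":
            continue
        ts = float(ts_text)
        for crash_ts in crash_times:
            if 0 <= crash_ts - ts <= window_seconds:
                findings.append(Finding(client, ts, crash_ts))
                break
    return findings


# Constructed sample data: one MSETNX followed by a crash, one benign MSETNX.
SAMPLE_MONITOR = [
    '1679300000.100000 [0 10.0.0.5:51234] "AUTH" "(redacted)"',
    '1679300000.200000 [0 10.0.0.5:51234] "SET" "k" "v"',
    '1679300001.500000 [0 10.0.0.5:51234] "MSETNX" "a" "1" "b" "2"',
    '1679300100.000000 [0 10.0.0.9:40000] "MSETNX" "x" "1"',
]
SAMPLE_SERVER_LOG = [
    '1679300000.000000 Ready to accept connections (constructed line)',
    '1679300001.700000 === REDIS BUG REPORT START (constructed marker) ===',
    '1679300001.700100 ASSERTION FAILED (constructed line)',
]

if __name__ == "__main__":
    for v in ("7.0.7", "7.0.8", "7.0.9", "7.0.10", "6.2.12", "redis 5:7.0.10-1 (bookworm)"):
        print(f"{v:32} affected={is_affected(v)}")
    for f in correlate(SAMPLE_MONITOR, SAMPLE_SERVER_LOG):
        print(f"MSETNX from {f.client} at {f.command_ts:.3f} followed by crash at {f.crash_ts:.3f}")
```

In practice the version check belongs in the alert filter (any host outside the window can be dropped, as the second bullet suggests), and the correlation runs over whatever command telemetry you already keep; `MONITOR` itself is costly on a busy instance and is used here only because its line format is well known.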

CVSS provenance

Source         Score  Severity  Vector
nvd (v3.1)     5.5    MEDIUM    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv            5.5    MEDIUM
vendor_debian  5.5    MEDIUM
vendor_msrc    5.5    MEDIUM
vendor_redhat  5.5    MEDIUM