SUSE: CVE-2023-28859: SUSE Linux Security Advisory

Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 03/26/2023
Added: 05/15/2024
Modified: 01/28/2025

Description

redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.

Solution(s)

suse-upgrade-python-paramiko-doc
suse-upgrade-python-tqdm-bash-completion
suse-upgrade-python311-aiohttp
suse-upgrade-python311-aiosignal
suse-upgrade-python311-antlr4-python3-runtime
suse-upgrade-python311-argcomplete
suse-upgrade-python311-asgiref
suse-upgrade-python311-async_timeout
suse-upgrade-python311-automat
suse-upgrade-python311-avro
suse-upgrade-python311-blinker
suse-upgrade-python311-chardet
suse-upgrade-python311-constantly
suse-upgrade-python311-decorator
suse-upgrade-python311-deprecated
suse-upgrade-python311-distro
suse-upgrade-python311-docker
suse-upgrade-python311-fabric
suse-upgrade-python311-fakeredis
suse-upgrade-python311-fixedint
suse-upgrade-python311-fluidity-sm
suse-upgrade-python311-frozenlist
suse-upgrade-python311-httplib2
suse-upgrade-python311-httpretty
suse-upgrade-python311-humanfriendly
suse-upgrade-python311-hyperlink
suse-upgrade-python311-importlib-metadata
suse-upgrade-python311-incremental
suse-upgrade-python311-invoke
suse-upgrade-python311-isodate
suse-upgrade-python311-javaproperties
suse-upgrade-python311-jsondiff
suse-upgrade-python311-knack
suse-upgrade-python311-lexicon
suse-upgrade-python311-marshmallow
suse-upgrade-python311-multidict
suse-upgrade-python311-oauthlib
suse-upgrade-python311-opencensus
suse-upgrade-python311-opencensus-context
suse-upgrade-python311-opencensus-ext-threading
suse-upgrade-python311-opentelemetry-api
suse-upgrade-python311-opentelemetry-sdk
suse-upgrade-python311-opentelemetry-semantic-conventions
suse-upgrade-python311-opentelemetry-test-utils
suse-upgrade-python311-paramiko
suse-upgrade-python311-pathspec
suse-upgrade-python311-pip
suse-upgrade-python311-pkginfo
suse-upgrade-python311-portalocker
suse-upgrade-python311-psutil
suse-upgrade-python311-pycomposefile
suse-upgrade-python311-pydash
suse-upgrade-python311-pygithub
suse-upgrade-python311-pygments
suse-upgrade-python311-pyjwt
suse-upgrade-python311-pyparsing
suse-upgrade-python311-redis
suse-upgrade-python311-requests-oauthlib
suse-upgrade-python311-retrying
suse-upgrade-python311-scp
suse-upgrade-python311-semver
suse-upgrade-python311-service_identity
suse-upgrade-python311-sortedcontainers
suse-upgrade-python311-sshtunnel
suse-upgrade-python311-strictyaml
suse-upgrade-python311-sure
suse-upgrade-python311-tabulate
suse-upgrade-python311-tqdm
suse-upgrade-python311-twisted
suse-upgrade-python311-twisted-all_non_platform
suse-upgrade-python311-twisted-conch
suse-upgrade-python311-twisted-conch_nacl
suse-upgrade-python311-twisted-contextvars
suse-upgrade-python311-twisted-http2
suse-upgrade-python311-twisted-serial
suse-upgrade-python311-twisted-tls
suse-upgrade-python311-typing_extensions
suse-upgrade-python311-vcrpy
suse-upgrade-python311-websocket-client
suse-upgrade-python311-wheel
suse-upgrade-python311-wrapt
suse-upgrade-python311-xmltodict
suse-upgrade-python311-yarl
suse-upgrade-python311-zipp
suse-upgrade-python311-zope-interface