3.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-28858

GHSA ID

GHSA-24wv-mv5m-xv4h

EPSS Score

0.81663%

CWE

CWE-193

Published

3/26/2023

Updated

10/25/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-28858

CVE-2023-28858: redis-py Race Condition vulnerability

redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3, but are believed to be incomplete. CVE-2023-28859 has been assigned the issues caused by the incomplete fixes.

(GitHub Advisory)

3.7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-28858

GHSA ID

GHSA-24wv-mv5m-xv4h

EPSS Score

0.81663%

CWE

CWE-193

Published

3/26/2023

Updated

10/25/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
redis	pip	>= 4.4.0, < 4.4.3	4.4.3
redis	pip	>= 4.5.0, < 4.5.3	4.5.3
redis	pip	>= 4.2.0, < 4.3.6	4.3.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of async command cancellation in pipeline operations. The _send_command_parse_response function in redis/asyncio/client.py was identified as the core execution path where canceled async commands could leave connections in an inconsistent state. The race condition occurs when cancellation happens after command transmission but before response parsing, creating mismatched response sequencing. The commit d56baeb683fc added cancellation handling here, confirming this function's central role. CVE-2023-28858 specifically mentions this off-by-one response leakage scenario in async operations.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

r**is-py ***or* *.*.*, *s us** in ***t*PT *n* ot**r pro*u*ts, l**v*s * *onn**tion op*n **t*r **n**lin* *n *syn* R**is *omm*n* *t *n inopportun* tim* (in t** **s* o* * pip*lin* op*r*tion), *n* **n s*n* r*spons* **t* to t** *li*nt o* *n unr*l*t** r*qu*

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* *syn* *omm*n* **n**ll*tion in pip*lin* op*r*tions. T** _s*n*_*omm*n*_p*rs*_r*spons* *un*tion in r**is/*syn*io/*li*nt.py w*s i**nti*i** *s t** *or* *x**ution p*t* w**r* **n**l** *syn* *omm*n*s *oul* l*

3.7

Basic Information

Concerned about an active attack path?

CVE-2023-28858: redis-py Race Condition vulnerability

3.7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI