CVE-2023-28858 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-28858 Interim 1 5 2023-09-06T23:19:20Z current 2023-03-28T23:13:30Z 2023-09-06T23:19:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-28858 redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP4 SUSE Linux Enterprise Module for Package Hub 15 SP5 SUSE Manager Client Tools for SLE 15 SUSE Manager Proxy Module 4.2 SUSE Manager Proxy Module 4.3 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed python-redis python3-redis python310-redis-4.5.4-1.1 python311-redis-4.5.4-1.1 python39-redis-4.5.4-1.1 python310-redis-4.5.4-1.1 as a component of openSUSE Tumbleweed python311-redis-4.5.4-1.1 as a component of openSUSE Tumbleweed python39-redis-4.5.4-1.1 as a component of openSUSE Tumbleweed python3-redis as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 python-redis as a component of SUSE Linux Enterprise Module for Package Hub 15 SP4 python3-redis as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-redis as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 python-redis as a component of SUSE Manager Client Tools for SLE 15 python3-redis as a component of SUSE Manager Proxy Module 4.2 python-redis as a component of SUSE Manager Proxy Module 4.2 python3-redis as a component of SUSE Manager Proxy Module 4.3 python-redis as a component of SUSE Manager Proxy Module 4.3 python-redis as a component of SUSE OpenStack Cloud 9 python-redis as a component of SUSE OpenStack Cloud Crowbar 9 redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general. CVE-2023-28858 openSUSE Tumbleweed:python310-redis-4.5.4-1.1 openSUSE Tumbleweed:python311-redis-4.5.4-1.1 openSUSE Tumbleweed:python39-redis-4.5.4-1.1 SUSE Linux Enterprise Module for Package Hub 15 SP4:python-redis SUSE Linux Enterprise Module for Package Hub 15 SP4:python3-redis SUSE Linux Enterprise Module for Package Hub 15 SP5:python-redis SUSE Linux Enterprise Module for Package Hub 15 SP5:python3-redis SUSE Manager Client Tools for SLE 15:python-redis SUSE Manager Proxy Module 4.2:python-redis SUSE Manager Proxy Module 4.2:python3-redis SUSE Manager Proxy Module 4.3:python-redis SUSE Manager Proxy Module 4.3:python3-redis SUSE OpenStack Cloud 9:python-redis SUSE OpenStack Cloud Crowbar 9:python-redis moderate 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N