How severe is CVE-2023-28858?

This vulnerability has a severity rating of LOW with a CVSS score of 3.7 out of 10.

What type of vulnerability is CVE-2023-28858?

This is classified as CWE-193, which is a common weakness in software security.

CVE-2023-28858 - LOW Severity | CVSS 3.7

Vulnerability Description

redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.

Related Vulnerabilities

CVE-2023-27477

MEDIUM

CVSS:4.3(Medium)

wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce th...

CWE-1932023

CVE-2024-53149

MEDIUM

CVSS:4.6(Medium)

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Cor...

CWE-1932024

CVE-2017-1000416

MEDIUM

CVSS:5.3(Medium)

axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.

CWE-1932017

CVE-2022-36354

MEDIUM

CVSS:5.3(Medium)

A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A ...

CWE-1932022

CVE-2023-41880

MEDIUM

CVSS:5.3(Medium)

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 pl...

CWE-1932023

CVE-2024-31585

MEDIUM

CVSS:5.3(Medium)

FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a ...

CWE-1932024