Off-by-one Error
CVE-2023-28858
Summary
redis-py versions prior to 4.3.6, 4.4.x prior to 4.4.3, and 4.5.x prior to 4.5.3, as used in ChatGPT and other products, leave a connection open after cancelling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner.
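The failure mode described in the summary is easier to see in a small model than in the real client, so here is an added example (constructed for this page, not redis-py's own code). It models a Redis connection as a FIFO of unread replies, since Redis answers commands strictly in the order they were sent. A caller's task is cancelled after its command has gone out but before its reply was read; if the connection is simply reused, the next, unrelated caller receives the previous caller's reply, one response behind. The `disconnect_on_cancel` flag is an assumption that stands in for the corrected behaviour of discarding the connection instead of returning it to the pool with a reply still pending.

```python
import asyncio
from collections import deque


class FakeRedisConnection:
    """Constructed stand-in for one client connection to a Redis server.

    Redis replies in the order commands were sent, so the connection is a
    FIFO of replies the client has not read yet.
    """

    def __init__(self) -> None:
        self._unread: deque[str] = deque()
        self.closed = False

    async def send_command(self, cmd: str) -> None:
        # The server will answer this command; queue the reply it produces.
        self._unread.append(f"reply({cmd})")

    async def read_response(self) -> str:
        # Waiting on the socket is where a task cancellation actually lands.
        await asyncio.sleep(0)
        return self._unread.popleft()

    def disconnect(self) -> None:
        # Dropping the socket also drops any reply that was never read.
        self._unread.clear()
        self.closed = True


class Client:
    """Minimal client that reuses one pooled connection for every command."""

    def __init__(self, disconnect_on_cancel: bool) -> None:
        self.conn = FakeRedisConnection()
        # Assumed switch: True models the corrected behaviour, False the bug.
        self.disconnect_on_cancel = disconnect_on_cancel

    async def execute(self, cmd: str) -> str:
        if self.conn.closed:
            self.conn = FakeRedisConnection()  # pool hands out a fresh connection
        try:
            await self.conn.send_command(cmd)
            return await self.conn.read_response()
        except asyncio.CancelledError:
            if self.disconnect_on_cancel:
                # The reply for `cmd` is still in flight; never reuse this socket.
                self.conn.disconnect()
            raise


async def _scenario(disconnect_on_cancel: bool) -> str:
    client = Client(disconnect_on_cancel)
    # Caller A: cancelled after the command was sent, before the reply was read.
    first = asyncio.create_task(client.execute("GET user:1"))
    await asyncio.sleep(0)  # let the task send and block waiting for its reply
    first.cancel()
    try:
        await first
    except asyncio.CancelledError:
        pass
    # Caller B: an unrelated command issued over the same pooled connection.
    return await client.execute("GET user:2")


def response_seen_by_second_caller(disconnect_on_cancel: bool) -> str:
    """Return the reply the second, unrelated caller actually receives."""
    return asyncio.run(_scenario(disconnect_on_cancel))


if __name__ == "__main__":
    print("connection reused:  ", response_seen_by_second_caller(False))  # reply(GET user:1)
    print("connection dropped: ", response_seen_by_second_caller(True))   # reply(GET user:2)
```

Run as a script and the first line shows caller B reading caller A's reply, which is the off-by-one the advisory describes; the second line shows the fix: on cancellation the connection with the unread reply is closed rather than handed to the next caller. The same invariant applies to any pipelined request/response protocol over a pooled connection: once a request has been written, the connection is only safe to reuse after its response has been consumed.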
CVSS v3.1 base metrics
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
- Confidentiality: LOW
- Integrity: NONE
- Availability: NONE
CWE-193 - Off-by-one Error
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
References
Advisory Timeline
- Published