Vulnerability
KeyDB inherits CVE-2023-28856 from Redis — HINCRBYFLOAT accepts extreme floating-point values that produce invalid data in ziplist encoding.
Reproduction
keydb-cli HSET h f 1e308
keydb-cli HINCRBYFLOAT h f 1e308
This produces a 309-digit number stored in the ziplist, which can trigger assertion failures on subsequent operations.
Tested Version
KeyDB latest master (git sha 603ebb27).