CVE-2023-41056

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Published: Jan 10, 2024
Updated: May 10, 2024
CVE: CVE-2023-41056
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-190
CWE-762

Affected Software
References

Software	From	Fixed in
redis / redis	7.2.0	7.2.4
redis / redis	7.0.9	7.0.15
fedoraproject / fedora	38	38.x
fedoraproject / fedora	39	39.x

https://github.com/redis/redis/releases/tag/7.0.15
https://github.com/redis/redis/releases/tag/7.2.4
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m
https://lists.fedoraproject.org/archives/list/[email protected]/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/
https://lists.fedoraproject.org/archives/list/[email protected]/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/
https://security.netapp.com/advisory/ntap-20240223-0003/

Vulnerability Database

289,599

CVE-2023-41056