CVE-2023-41056

CVSS V2 None CVSS V3 None

Description

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Overview

CVE ID
CVE-2023-41056

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2024-01-10T15:59:36.752Z

Last Modified Date
2024-01-10T15:59:36.752Z

Weakness Enumerations

CWE	URL
CWE-762	http://cwe.mitre.org/data/definitions/762.html
CWE-190	http://cwe.mitre.org/data/definitions/190.html

References

Reference URL	Reference Tags
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m	x_refsource_CONFIRM
https://github.com/redis/redis/releases/tag/7.0.15	x_refsource_MISC
https://github.com/redis/redis/releases/tag/7.2.4	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/
https://security.netapp.com/advisory/ntap-20240223-0003/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-41056
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41056

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 03:35:33				Added to TrackCVE