CVE-2023-41056
HIGH
Redis 7.0.9-7.0.14 and 7.2.0-7.2.3 - Remote Code Execution via Heap Overflow
Title source: manual
Description
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
References (6)
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240223-0003/
Vendor Advisory x_refsource_confirm
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m
Release Notes x_refsource_misc
https://github.com/redis/redis/releases/tag/7.0.15
Release Notes x_refsource_misc
https://github.com/redis/redis/releases/tag/7.2.4
Scores
CVSS v3
8.1
EPSS
0.0751
EPSS Percentile
91.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-190
CWE-762
Status
published
Products (3)
fedoraproject/fedora
38
fedoraproject/fedora
39
redis/redis
7.0.9 - 7.0.15
Published
Jan 10, 2024
Tracked Since
Feb 18, 2026