Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
References
Link | Resource |
---|---|
https://github.com/redis/redis/releases/tag/7.0.15 | Release Notes |
https://github.com/redis/redis/releases/tag/7.2.4 | Release Notes |
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m | Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/ | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20240223-0003/ |
Configurations
History
23 Feb 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jan 2024, 18:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
CPE | cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/ - Mailing List, Third Party Advisory |
18 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Jan 2024, 17:34
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:* | |
First Time |
Redis redis
Redis |
|
References | () https://github.com/redis/redis/releases/tag/7.0.15 - Release Notes | |
References | () https://github.com/redis/redis/releases/tag/7.2.4 - Release Notes | |
References | () https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m - Vendor Advisory |
10 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-10 16:15
Updated : 2024-02-23 16:15
NVD link : CVE-2023-41056
Mitre link : CVE-2023-41056
CVE.ORG link : CVE-2023-41056
JSON object : View
Products Affected
redis
- redis
fedoraproject
- fedora