Lucene search

K

[email protected]NVD:CVE-2023-41056

HistoryJan 10, 2024 - 4:15 p.m.

CVE-2023-41056

2024-01-1016:15:46

CWE-762

CWE-190

[email protected]

web.nvd.nist.gov

redis

in-memory database

integer overflow

heap overflow

remote code execution

security patch

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.1%

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Affected configurations

NVD

Node

redisredisRange7.0.9–7.0.15

OR

redisredisRange7.2.0–7.2.4

Node

fedoraprojectfedoraMatch38

OR

fedoraprojectfedoraMatch39

References

github.com/redis/redis/releases/tag/7.0.15

github.com/redis/redis/releases/tag/7.2.4

github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m

lists.fedoraproject.org/archives/list/[email protected]/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/

lists.fedoraproject.org/archives/list/[email protected]/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/

security.netapp.com/advisory/ntap-20240223-0003/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.1%

Related for NVD:CVE-2023-41056

osv3 openvas4 alpinelinux1 nessus7 fedora2 veracode1 redhatcve1 cgr1 prion1 ubuntucve1 debiancve1 cve1 cvelist1 wolfi1 redos1 photon2 debian1 ibm1 oracle1