CVE-2023-41056

EPSS 5.32%
Veröffentlicht 10.01.2024 16:15:46
Zuletzt bearbeitet 21.11.2024 08:20:28
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redis ≫ Redis Version >= 7.0.9 < 7.0.15

Redis ≫ Redis Version >= 7.2.0 < 7.2.4

Fedoraproject ≫ Fedora Version38

Fedoraproject ≫ Fedora Version39

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.32%	0.896

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-762 Mismatched Memory Management Routines

The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

https://github.com/redis/redis/releases/tag/7.0.15

Release Notes

https://github.com/redis/redis/releases/tag/7.2.4

Release Notes

https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20240223-0003/

https://nvd.nist.gov/vuln/detail/CVE-2023-41056

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41056

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41056

EUVD