CVE-2023-41056
Severity: HIGH 8.1 | EPSS: 7.3% | Redis vulnerable to integer overflow in certain payloads
Published: 2024/1/10 | Modified: 2025/11/19
Also known as: ALPINE-CVE-2023-41056
Description
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers: an integer overflow in the size computation leads to an undersized allocation, a heap overflow, and potential remote code execution. The issue has been patched in versions 7.0.15 and 7.2.4.
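The following is an added illustration of the bug class named above (an unchecked size computation during buffer growth, and the arithmetic check that prevents it). It is not Redis's own code and does not reproduce the actual vulnerable function; the `growbuf` type, the doubling policy and the constructed inputs are assumptions for demonstration only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer (not Redis's sds); sizes tracked in size_t. */
typedef struct {
    size_t len;    /* bytes in use */
    size_t alloc;  /* bytes allocated */
    char *buf;
} growbuf;

/* Naive size computation: len + addlen is never checked for wraparound.
 * Returns the allocation size that would be requested. With a large addlen
 * the sum wraps to a tiny value, the allocation is far too small, and the
 * copy that follows writes past the end of the heap chunk. */
size_t naive_new_alloc(size_t len, size_t addlen) {
    size_t newlen = len + addlen;      /* may wrap */
    return newlen * 2;                 /* doubling growth policy, may wrap again */
}

/* Checked size computation: refuse growth that cannot be represented.
 * Returns false on overflow, true and *out on success. Portable form of the
 * check (no compiler builtins), so it runs under any C99 compiler. */
bool checked_new_alloc(size_t len, size_t addlen, size_t *out) {
    if (addlen > SIZE_MAX - len) return false;   /* len + addlen would wrap */
    size_t newlen = len + addlen;
    size_t alloc;
    if (newlen > SIZE_MAX / 2) alloc = newlen;   /* doubling would wrap: grow exactly */
    else alloc = newlen * 2;
    *out = alloc;
    return true;
}

/* Append using the checked computation. Returns 0 on success, -1 when the
 * request is rejected (nothing is allocated or copied in that case). */
int growbuf_append(growbuf *b, const char *data, size_t n) {
    if (b->len + n <= b->alloc && n <= SIZE_MAX - b->len) {
        memcpy(b->buf + b->len, data, n);
        b->len += n;
        return 0;
    }
    size_t want;
    if (!checked_new_alloc(b->len, n, &want)) return -1;
    char *nb = realloc(b->buf, want);
    if (!nb) return -1;
    b->buf = nb;
    b->alloc = want;
    memcpy(b->buf + b->len, data, n);
    b->len += n;
    return 0;
}

void growbuf_free(growbuf *b) {
    free(b->buf);
    b->buf = NULL;
    b->len = b->alloc = 0;
}

/* Demonstration on constructed inputs: a large addlen makes the naive path
 * request a tiny allocation while the checked path refuses. */
size_t demo_naive_wrap(void)   { return naive_new_alloc(10, SIZE_MAX - 5); }
bool   demo_checked_reject(void) { size_t o; return checked_new_alloc(10, SIZE_MAX - 5, &o); }

/* Normal growth still works: append "hello" then ", world" to an empty buffer. */
size_t demo_append_len(void) {
    growbuf b = {0, 0, NULL};
    if (growbuf_append(&b, "hello", 5) != 0) return 0;
    if (growbuf_append(&b, ", world", 7) != 0) return 0;
    size_t len = b.len;
    growbuf_free(&b);
    return len;
}

/* An oversized append is rejected without touching the heap. */
int demo_append_reject(void) {
    growbuf b = {0, 0, NULL};
    int rc = growbuf_append(&b, "x", SIZE_MAX - 1);
    growbuf_free(&b);
    return rc;
}
```

With these inputs the naive computation wraps 10 + (SIZE_MAX - 5) to 4 and then doubles it to 8, so a caller would allocate 8 bytes and then copy roughly SIZE_MAX bytes into them; the checked form returns false before any allocation. The same pre-addition test (`addlen > SIZE_MAX - len`) is what a reviewer should look for wherever a length and an increment are summed to size a buffer.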
Affected packages (5)
- Alpine/redis: from 0, < 7.0.15-r0
- Bitnami/keydb: >= 7.0.9, < 7.0.15; >= 7.2.0, < 7.2.4
- Bitnami/redis: >= 7.0.9, < 7.0.15; >= 7.2.0, < 7.2.4
- Bitnami/valkey: >= 7.0.9, < 7.0.15; >= 7.2.0, < 7.2.4
- Debian/redis: from 0, < 5:7.0.15-1~deb12u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (9)
- ADVISORY: https://security.alpinelinux.org/vuln/CVE-2023-41056
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2023-41056
- WEB: https://github.com/redis/redis/releases/tag/7.0.15
- WEB: https://github.com/redis/redis/releases/tag/7.2.4
- WEB: https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m
- WEB: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/
- WEB: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2023-41056
- WEB: https://security.netapp.com/advisory/ntap-20240223-0003/