CVE-2023-41056
Public on 2024-01-10
Modified on 2024-02-01
Description
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | php56-pecl-redis | Not Affected | ||
| Amazon Linux 2 - Redis6 Extra | redis | 2024-02-01 | ALAS2REDIS6-2024-009 | Fixed |
| Amazon Linux 2023 | redis6 | 2024-02-01 | ALAS2023-2024-516 | Fixed |
| Amazon Linux 2023 | redis6 | 2024-02-15 | ALAS2023-2024-528 | Fixed |
| Amazon Linux 2023 | redis6 | 2024-02-15 | ALAS2023-2024-538 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |