Home > Vulnerability Database > CVE-2023-41056

Mend.io Vulnerability Database

CVE-2023-41056

Good to know:

Date: January 10, 2024

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Language: C

Severity Score

8.1

Related Resources (8)

Url: https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m

Url: https://github.com/redis/redis/releases/tag/7.0.15

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/

Url: https://security-tracker.debian.org/tracker/CVE-2023-41056

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-41056

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/

Url: https://github.com/redis/redis/releases/tag/7.2.4

Url: https://www.mend.io/vulnerability-database/CVE-2023-41056

Severity Score

8.1

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Mismatched Memory Management Routines

CWE-762

Top Fix

Upgrade Version

Upgrade to version 7.0.15,7.2.4

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-41056

Good to know:

Date: January 10, 2024

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?