CVE-2023-41056

Summary

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Affected Software

VendorProductVersion RangeStatus
redisredis>= 7.0.9, < 7.0.15affected
redisredis>= 7.2.0, < 7.2.4affected

Weaknesses

  • CWE-762: CWE-762: Mismatched Memory Management Routines
  • CWE-190: CWE-190: Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References