CVE-2023-41056
Public on 2024-01-10
Modified on 2024-02-01
Description
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | php56-pecl-redis | Not Affected | ||
| HAQM Linux 2 - Redis6 Extra | redis | 2024-02-01 | ALAS2REDIS6-2024-009 | Fixed |
| HAQM Linux 2023 | redis6 | 2024-02-01 | ALAS2023-2024-516 | Fixed |
| HAQM Linux 2023 | redis6 | 2024-02-15 | ALAS2023-2024-528 | Fixed |
| HAQM Linux 2023 | redis6 | 2024-02-15 | ALAS2023-2024-538 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |