Vulnerability-Lookup

CVE-2023-41056 (GCVE-0-2023-41056)

Vulnerability from cvelistv5 – Published: 2024-01-10 15:59 – Updated: 2025-06-17 14:42

Title

Redis vulnerable to integer overflow in certain payloads

Summary

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-762 - Mismatched Memory Management Routines
CWE-190 - Integer Overflow or Wraparound

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	redis	redis	Affected: >= 7.0.9, < 7.0.15 Affected: >= 7.2.0, < 7.2.4

CERTFR-2024-AVI-0069

Vulnerability from certfr_avis - Published: 2024-01-26 - Updated: 2024-01-26

De multiples vulnérabilités ont été découvertes dans Gitlab. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions antérieures à 16.6.6
GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.7.x antérieures à 16.7.4
GitLab Community Edition (CE) et Gitlab Enterprise Edition (EE) versions 16.8.x antérieures à 16.8.1

L'éditeur a corrigé la vulnérabilité critique CVE-2024-0402 dans la version 16.5.8. Celle-ci ne bénéficie pas des correctifs de sécurité pour les autres vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

cleanstart-2026-mz27698

Vulnerability from cleanstart

Published

2026-01-30 14:39

Modified

2026-01-29 18:58

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.4.6-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-MZ27698",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:39:52.940858Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MZ27698.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49844"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449",
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  ]
}

cleanstart-2026-bx37171

Vulnerability from cleanstart

Published

2026-01-30 14:43

Modified

2026-01-29 18:58

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.4-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-BX37171",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:43:22.549529Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BX37171.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49844"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449",
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  ]
}

cleanstart-2026-wi17406

Vulnerability from cleanstart

Published

2026-01-30 17:35

Modified

2026-01-29 18:58

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.2-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-WI17406",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T17:35:28.375848Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WI17406.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49844"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449",
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  ]
}

cleanstart-2026-fr00621

Vulnerability from cleanstart

Published

2026-01-30 14:36

Modified

2026-01-29 18:58

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.2.5-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-FR00621",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:36:52.496829Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-FR00621.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449"
  ]
}

bit-redis-2023-41056

Vulnerability from bitnami_vulndb

Published

2024-03-06 11:03

Modified

2025-05-20 10:02

Summary

Redis vulnerable to integer overflow in certain payloads

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "redis",
        "purl": "pkg:bitnami/redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.9"
            },
            {
              "fixed": "7.0.15"
            },
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.2.4"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41056"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.",
  "id": "BIT-redis-2023-41056",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T11:03:35.383Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.0.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.2.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Redis vulnerable to integer overflow in certain payloads"
}

bit-keydb-2023-41056

Vulnerability from bitnami_vulndb

Published

2024-08-22 19:23

Modified

2025-05-20 10:02

Summary

Redis vulnerable to integer overflow in certain payloads

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "keydb",
        "purl": "pkg:bitnami/keydb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.9"
            },
            {
              "fixed": "7.0.15"
            },
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.2.4"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41056"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.",
  "id": "BIT-keydb-2023-41056",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-08-22T19:23:05.762Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.0.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.2.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Redis vulnerable to integer overflow in certain payloads"
}

bit-valkey-2023-41056

Vulnerability from bitnami_vulndb

Published

2024-08-22 19:40

Modified

2025-05-20 10:02

Summary

Redis vulnerable to integer overflow in certain payloads

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "valkey",
        "purl": "pkg:bitnami/valkey"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.9"
            },
            {
              "fixed": "7.0.15"
            },
            {
              "introduced": "7.2.0"
            },
            {
              "fixed": "7.2.4"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-41056"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:valkey-io:valkey:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.",
  "id": "BIT-valkey-2023-41056",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-08-22T19:40:41.350Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.0.15"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.2.4"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Redis vulnerable to integer overflow in certain payloads"
}

FKIE_CVE-2023-41056

Vulnerability from fkie_nvd - Published: 2024-01-10 16:15 - Updated: 2024-11-21 08:20

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/redis/redis/releases/tag/7.0.15	Release Notes
security-advisories@github.com	https://github.com/redis/redis/releases/tag/7.2.4	Release Notes
security-advisories@github.com	https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m	Vendor Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/	Mailing List, Third Party Advisory
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/	Mailing List, Third Party Advisory
security-advisories@github.com	https://security.netapp.com/advisory/ntap-20240223-0003/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/redis/redis/releases/tag/7.0.15	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/redis/redis/releases/tag/7.2.4	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240223-0003/

Impacted products

Vendor	Product	Version
redis	redis	*
redis	redis	*
fedoraproject	fedora	38
fedoraproject	fedora	39

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "205F5134-0355-48E0-B2F4-7E14179654D3",
              "versionEndExcluding": "7.0.15",
              "versionStartIncluding": "7.0.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE0E44DA-5BAD-4EB8-82D8-93BB2D7D9CDE",
              "versionEndExcluding": "7.2.4",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."
    },
    {
      "lang": "es",
      "value": "Redis es una base de datos en memoria que persiste en el disco. Redis maneja incorrectamente el cambio de tama\u00f1o de los b\u00faferes de memoria, lo que puede provocar un desbordamiento de enteros que provoca un desbordamiento del mont\u00f3n y una posible ejecuci\u00f3n remota de c\u00f3digo. Este problema se solucion\u00f3 en las versiones 7.0.15 y 7.2.4."
    }
  ],
  "id": "CVE-2023-41056",
  "lastModified": "2024-11-21T08:20:28.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-10T16:15:46.557",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/redis/redis/releases/tag/7.0.15"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/redis/redis/releases/tag/7.2.4"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/redis/redis/releases/tag/7.0.15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/redis/redis/releases/tag/7.2.4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-762"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2023-41056

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-41056

Aliases

CVE-2023-41056

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-41056",
    "id": "GSD-2023-41056"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-41056"
      ],
      "details": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.",
      "id": "GSD-2023-41056",
      "modified": "2023-12-13T01:20:45.630762Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-41056",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "redis",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 7.0.9, \u003c 7.0.15"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 7.2.0, \u003c 7.2.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "redis"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-762",
                "lang": "eng",
                "value": "CWE-762: Mismatched Memory Management Routines"
              }
            ]
          },
          {
            "description": [
              {
                "cweId": "CWE-190",
                "lang": "eng",
                "value": "CWE-190: Integer Overflow or Wraparound"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m",
            "refsource": "MISC",
            "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
          },
          {
            "name": "https://github.com/redis/redis/releases/tag/7.0.15",
            "refsource": "MISC",
            "url": "https://github.com/redis/redis/releases/tag/7.0.15"
          },
          {
            "name": "https://github.com/redis/redis/releases/tag/7.2.4",
            "refsource": "MISC",
            "url": "https://github.com/redis/redis/releases/tag/7.2.4"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240223-0003/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-xr47-pcmx-fq2m",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "205F5134-0355-48E0-B2F4-7E14179654D3",
                    "versionEndExcluding": "7.0.15",
                    "versionStartIncluding": "7.0.9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FE0E44DA-5BAD-4EB8-82D8-93BB2D7D9CDE",
                    "versionEndExcluding": "7.2.4",
                    "versionStartIncluding": "7.2.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."
          },
          {
            "lang": "es",
            "value": "Redis es una base de datos en memoria que persiste en el disco. Redis maneja incorrectamente el cambio de tama\u00f1o de los b\u00faferes de memoria, lo que puede provocar un desbordamiento de enteros que provoca un desbordamiento del mont\u00f3n y una posible ejecuci\u00f3n remota de c\u00f3digo. Este problema se solucion\u00f3 en las versiones 7.0.15 y 7.2.4."
          }
        ],
        "id": "CVE-2023-41056",
        "lastModified": "2024-02-23T16:15:46.293",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.2,
              "impactScore": 5.9,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-01-10T16:15:46.557",
        "references": [
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Release Notes"
            ],
            "url": "https://github.com/redis/redis/releases/tag/7.0.15"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Release Notes"
            ],
            "url": "https://github.com/redis/redis/releases/tag/7.2.4"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"
          },
          {
            "source": "security-advisories@github.com",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-190"
              },
              {
                "lang": "en",
                "value": "CWE-762"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CVE-2023-41056

Vulnerability from fstec - Published: 10.01.2024

Title

Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость системы управления базами данных (СУБД) Redis связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «Ред Софт», Redis Labs, АО "НППКТ"

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Redis, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7.3 (РЕД ОС), до 7.0.15 (Redis), до 7.2.4 (Redis), до 2.10 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для Redis: https://github.com/redis/redis/releases/tag/7.0.15 https://github.com/redis/redis/releases/tag/7.2.4 https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОСОН ОСнова Оnyx (версия 2.10): Обновление программного обеспечения redis до версии 5:7.0.15-1osnova1

Reference

https://github.com/redis/redis/releases/tag/7.0.15 https://github.com/redis/redis/releases/tag/7.2.4 https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/

CWE

CWE-122, CWE-190, CWE-762

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Redis Labs, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 7.0.15 (Redis), \u0434\u043e 7.2.4 (Redis), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Redis:\nhttps://github.com/redis/redis/releases/tag/7.0.15\t\nhttps://github.com/redis/redis/releases/tag/7.2.4\t\nhttps://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f redis \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5:7.0.15-1osnova1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.01.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00349",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-41056",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Redis, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190), \u041d\u0435\u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0430\u043c\u044f\u0442\u044c\u044e (CWE-762)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/redis/redis/releases/tag/7.0.15\t\nhttps://github.com/redis/redis/releases/tag/7.2.4\t\nhttps://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122, CWE-190, CWE-762",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-41056 (GCVE-0-2023-41056)

Solution

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature