CVE-2023-41056 - OpenCVE

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Redhat	Enterprise Linux
Redis	Redis

Configuration 1 [-]

OR	cpe:2.3:a:redis:redis::::::::
	cpe:2.3:a:redis:redis::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 9
redis:7-9030020240206103833.9	cpe:/a:redhat:enterprise_linux:9	RHEA-2024:1143	2024-03-05T00:00:00Z

References

Link	Providers
https://github.com/redis/redis/releases/tag/7.0.15
https://github.com/redis/redis/releases/tag/7.2.4
https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/
https://nvd.nist.gov/vuln/detail/CVE-2023-41056
https://security.netapp.com/advisory/ntap-20240223-0003/
https://www.cve.org/CVERecord?id=CVE-2023-41056

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-10T15:59:36.752Z

Updated: 2024-08-02T18:46:11.706Z

Reserved: 2023-08-22T16:57:23.934Z

Link: CVE-2023-41056

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-10T16:15:46.557

Modified: 2024-02-23T16:15:46.293

Link: CVE-2023-41056

Redhat

Severity : Important

Publid Date: 2024-01-09T00:00:00Z

Links: CVE-2023-41056 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41056", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-22T16:57:23.934Z", "datePublished": "2024-01-10T15:59:36.752Z", "dateUpdated": "2024-08-02T18:46:11.706Z"}, "containers": {"cna": {"title": "Redis vulnerable to integer overflow in certain payloads", "problemTypes": [{"descriptions": [{"cweId": "CWE-762", "lang": "en", "description": "CWE-762: Mismatched Memory Management Routines", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.15", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.0.15"}, {"name": "https://github.com/redis/redis/releases/tag/7.2.4", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.2.4"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"}, {"url": "https://security.netapp.com/advisory/ntap-20240223-0003/"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": ">= 7.0.9, < 7.0.15", "status": "affected"}, {"version": ">= 7.2.0, < 7.2.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-10T15:59:36.752Z"}, "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."}], "source": {"advisory": "GHSA-xr47-pcmx-fq2m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:46:11.706Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"}, {"name": "https://github.com/redis/redis/releases/tag/7.0.15", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/7.0.15"}, {"name": "https://github.com/redis/redis/releases/tag/7.2.4", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/releases/tag/7.2.4"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240223-0003/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "205F5134-0355-48E0-B2F4-7E14179654D3", "versionEndExcluding": "7.0.15", "versionStartIncluding": "7.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE0E44DA-5BAD-4EB8-82D8-93BB2D7D9CDE", "versionEndExcluding": "7.2.4", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4."}, {"lang": "es", "value": "Redis es una base de datos en memoria que persiste en el disco. Redis maneja incorrectamente el cambio de tama\u00f1o de los b\u00faferes de memoria, lo que puede provocar un desbordamiento de enteros que provoca un desbordamiento del mont\u00f3n y una posible ejecuci\u00f3n remota de c\u00f3digo. Este problema se solucion\u00f3 en las versiones 7.0.15 y 7.2.4."}], "id": "CVE-2023-41056", "lastModified": "2024-02-23T16:15:46.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-10T16:15:46.557", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.0.15"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/redis/redis/releases/tag/7.2.4"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT/"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN/"}, {"source": "security-advisories@github.com", "url": "https://security.netapp.com/advisory/ntap-20240223-0003/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-762"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHEA-2024:1143", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "redis:7-9030020240206103833.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-03-05T00:00:00Z"}], "bugzilla": {"description": "redis: Heap Buffer Overflow may lead to potential remote code execution", "id": "2257454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257454"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-122", "details": ["Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.", "A flaw was found in Redis. When processing a certain sequence of payloads, Redis may incorrectly handle the resizing of memory buffers, leading to a heap-based buffer overflow, potentially resulting in a denial of service or remote code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-41056", "package_state": [{"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-backend-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Out of support scope", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "redis:6/redis", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "redis", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2024-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-41056\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41056\nhttps://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m"], "statement": "The redis package, as shipped with Red Hat Enterprise Linux 8, 9, and RHSCL is not affected by this vulnerability because the vulnerable code was introduced in a newer version of redis. However, the redis:7 module as shipped with Red Hat Enterprise Linux 9.3 is affected.", "threat_severity": "Important", "upstream_fix": "redis 7.2.4, redis 7.0.15"}