Bugzilla – Bug 1218646
VUL-0: CVE-2023-41056: redis7: incorrectly handle resizing of memory buffers
Last modified: 2024-05-17 08:45:50 UTC
Redis released new versions (7.0.15 and 7.2.4) that fix a security issue.

Security fixes (CVE-2023-41056): In some cases, Redis may incorrectly handle resizing of memory buffers, which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution.

References:
https://github.com/redis/redis/releases/tag/7.2.4
https://github.com/redis/redis/releases/tag/7.0.15
According to the security advisory, our SLE-15-SP5 version is not affected: https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m

Impact
------
In some cases, Redis may incorrectly handle resizing of memory buffers, which can result in incorrect accounting of buffer sizes and lead to heap overflow and potential remote code execution. The problem exists in Redis 7.0.9 or newer (including 7.2.x).

Patches
-------
The problem is fixed in Redis 7.0.15 and 7.2.4.

SUSE/openSUSE versions:
SUSE:SLE-15-SP5 redis-7.0.8
openSUSE:Factory redis-7.2.4
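The affected-range reasoning in the comment above (introduced in 7.0.9, fixed in 7.0.15 and 7.2.4, so 7.0.8 on SLE-15-SP5 is out of range) is easy to get wrong by eyeballing version strings. The following triage helper is an added example, not part of this bug report or of the Redis project; it encodes only the ranges stated in the advisory. The treatment of 7.1.x pre-release versions as affected, the sample package labels, and the `redis-<version>` naming it parses are assumptions made for the example.

```python
"""Triage helper for CVE-2023-41056: is a given Redis version in the affected range?

Ranges are taken from the advisory text quoted in this bug:
  - problem exists in 7.0.9 or newer (including 7.2.x)
  - fixed in 7.0.15 and 7.2.4
Everything below is an added example; it is not code from the Redis project.
"""
import re

# Half-open [introduced, fixed) ranges per release branch.
# Assumption: 7.1.x (Redis' pre-7.2 development line) is treated as affected,
# since the advisory says "7.0.9 or newer" and the first fixed 7.2 release is 7.2.4.
AFFECTED_RANGES = [
    ((7, 0, 9), (7, 0, 15)),   # 7.0 branch: 7.0.9 .. 7.0.14 affected, 7.0.15 fixed
    ((7, 1, 0), (7, 2, 4)),    # 7.1.x / 7.2.0 .. 7.2.3 affected, 7.2.4 fixed
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z triple from a package label or version string.

    Accepts forms such as "7.0.8" or "redis-7.0.8" (the latter is the style used
    in the SUSE/openSUSE lines of this bug). Raises ValueError if none is found.
    """
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """Return True if the version in `text` falls inside an affected range."""
    version = parse_version(text)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def triage(packages):
    """Map each package label to its status ("affected" / "not affected").

    `packages` is a dict of product name -> package label, e.g. the entries
    listed at the end of the comment above.
    """
    return {
        product: ("affected" if is_affected(label) else "not affected")
        for product, label in packages.items()
    }


if __name__ == "__main__":
    # Constructed sample input mirroring the two entries in this bug report.
    sample = {
        "SUSE:SLE-15-SP5": "redis-7.0.8",
        "openSUSE:Factory": "redis-7.2.4",
    }
    for product, status in triage(sample).items():
        print(f"{product}: {sample[product]} -> {status}")
```

The half-open ranges make the boundary cases explicit: 7.0.8 and 7.0.15 are outside, 7.0.9 and 7.2.3 are inside, which is exactly the conclusion the comment draws for the SLE-15-SP5 and Factory packages.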
All done, closing.