PT-2024-1088 · Redis+3 · Redis+3

Yossigopublished

·

Published

2024-01-09

·

Updated

2026-05-18

·

CVE-2023-41056

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Redis versions prior to 7.0.15 Redis versions prior to 7.2.4
Description The issue is related to integer overflow due to incorrect handling of memory buffer resizing, which can lead to heap overflow and potential remote code execution. The estimated number of potentially affected devices worldwide is over 1.4 million, mainly distributed in China, the United States, and other countries.
Recommendations For versions prior to 7.0.15, update to version 7.0.15 or later. For versions prior to 7.2.4, update to version 7.2.4 or later.

Exploit

Fix

DoS

RCE

Heap Based Buffer Overflow

Integer Overflow

Weakness Enumeration

CWE-122CWE-762CWE-190

Related Identifiers

ALT-PU-2024-1369
ALT-PU-2025-11673
ALT-PU-2025-13204
BDU:2024-00349
BIT-KEYDB-2023-41056
BIT-REDIS-2023-41056
BIT-VALKEY-2023-41056
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2023-41056
DSA-5610-1
GHSA-XR47-PCMX-FQ2M
MGASA-2025-0211
OPENSUSE-SU-2024:13572-1

Affected Products

Alt Linux
Astra Linux
Red Os
Redis