CVE-2023-31654

Name of the Vulnerable Software and Affected Versions Redis versions master-1b8bd86 through master-7b46079

Description The issue is related to an ODR violation via the component hiredisAllocFns at /opt/fs/redisraft/deps/hiredis/alloc.c. This is associated with a buffer overflow in memory, which can be exploited by a remote attacker to cause a denial of service or other impact.

Recommendations For versions master-1b8bd86 through master-7b46079, as a temporary workaround, consider disabling the hiredisAllocFns component until a patch is available. Restrict access to the /opt/fs/redisraft/deps/hiredis/alloc.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.