CVE-2023-41056 — Integer Overflow or Wraparound in Redis

CWE-190 — Integer Overflow or Wraparound CWE-762 — Mismatched Memory Management Routines CWE-122 — Heap-based Buffer Overflow7 documents7 sources

Severity

8.1HIGHNVD

EPSS

6.8%

top 8.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redis Fedoraproject Fedora

Timeline

PublishedJan 10

Latest updateMar 2

Description

Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶NVDredis/redis7.0.9 — 7.0.15+1

▶Debianredis/redis< 5:7.0.15-1~deb12u1+2

▶CVEListV5redis/redis>= 7.0.9, < 7.0.15, >= 7.2.0, < 7.2.4+1

Also affects: Fedora 38, 39

🔴Vulnerability Details

CVEList

Redis vulnerable to integer overflow in certain payloads↗2024-01-10

▶

OSV

CVE-2023-41056: Redis is an in-memory database that persists on disk↗2024-01-10

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Third Party (Redis) — CVE-2023-41056↗2024-04-15

▶

Red Hat

redis: Heap Buffer Overflow may lead to potential remote code execution↗2024-01-09

▶

Debian

CVE-2023-41056: redis - Redis is an in-memory database that persists on disk. Redis incorrectly handles ...↗2023

▶

📄Research Papers

arXiv

ZeroDayBench: Evaluating LLM Agents on Unseen Zero-Day Vulnerabilities for Cyberdefense↗2026-03-02

▶