UBUNTU-CVE-2023-41056
- Source
- https://ubuntu.com/security/CVE-2023-41056
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-41056.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-41056
- Upstream
- Withdrawn
- 2025-07-18T16:54:37Z
- Published
- 2024-01-10T16:15:00Z
- Modified
- 2025-07-16T07:20:45.958263Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
- References
Affected packages
Ubuntu:24.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:7.0.15-1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:7.0.15-1
Ecosystem specific
{
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:7.0.15-1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:7.0.15-1"
},
{
"binary_name": "redis-server",
"binary_version": "5:7.0.15-1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:7.0.15-1"
},
{
"binary_name": "redis-tools-dbgsym",
"binary_version": "5:7.0.15-1"
}
],
"availability": "No subscription required"
}