CVE-2023-41056

8.1 HIGH

📋 TL;DR

This CVE describes an integer overflow vulnerability in Redis memory buffer resizing that can lead to heap overflow and potential remote code execution. Attackers could exploit this to execute arbitrary code on vulnerable Redis servers. All Redis deployments running affected versions are potentially vulnerable.

💻 Affected Systems

Products:
  • Redis
Versions: All versions before 7.0.15 and 7.2.4
Operating Systems: All operating systems running Redis
Default Config Vulnerable: ⚠️ Yes
Notes: All Redis deployments with affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote attacker gains full control of Redis server, executes arbitrary code, and potentially pivots to other systems in the network.

🟠

Likely Case

Remote code execution leading to data theft, service disruption, or cryptocurrency mining malware installation.

🟢

If Mitigated

Denial of service or application crash if exploit fails or controls limit impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted requests to Redis server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.15 or 7.2.4

Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m

Restart Required: Yes

Instructions:

1. Stop the Redis service.
2. Back up data and configuration.
3. Upgrade Redis to version 7.0.15 or 7.2.4.
4. Restart the Redis service.
5. Verify the service is running correctly.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict Redis access to trusted networks only using firewall rules.

iptables -A INPUT -p tcp --dport 6379 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 6379 -j DROP

Redis Authentication

all

Enable Redis authentication so that connections must supply a password. CONFIG SET changes only the running instance; set requirepass in redis.conf as well (or run CONFIG REWRITE) so the setting survives a restart.

redis-cli CONFIG SET requirepass "strong_password"

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit Redis access
  • Deploy Redis behind a reverse proxy with request validation and rate limiting

🔍 How to Verify

Check if Vulnerable:

Check the Redis version with redis-server --version, or with the INFO server command over redis-cli.

Check Version:

redis-server --version

Verify Fix Applied:

Confirm the installed Redis version is 7.0.15 or 7.2.4, or higher.
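
The version check above, as an added shell example (not part of this advisory): it parses the banner that redis-server --version prints and classifies the build against the fixed releases named on this page, 7.0.15 and 7.2.4. The sample banner is constructed; the function names are this example's own. Versions on other release lines are compared only against the page's "7.0.15 or 7.2.4 or higher" wording, which is an assumption rather than a statement from the vendor advisory.

```shell
#!/bin/sh
# Added example: classify a Redis build against the fixed releases this page
# names (7.0.15 on the 7.0 line, 7.2.4 on the 7.2 line).

# Pull the "v=X.Y.Z" field out of a banner such as (constructed sample):
#   Redis server v=7.2.3 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=...
redis_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*v=\([0-9][0-9.]*\).*/\1/p'
}

# Turn "major.minor.patch" into one integer so versions compare numerically
# (7.0.15 -> 7000015, 7.2.4 -> 7002004). Missing components count as 0.
version_number() {
    major=${1%%.*}
    case "$1" in
        *.*) rest=${1#*.} ;;
        *)   rest=0 ;;
    esac
    case "$rest" in
        *.*) minor=${rest%%.*}; patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   minor=$rest; patch=0 ;;
    esac
    echo $(( major * 1000000 + minor * 1000 + patch ))
}

# Exit 0 (true) when the version predates the fix for its line: anything below
# 7.0.15, or a 7.2.x build below 7.2.4. Builds between those ranges (7.1.x) are
# treated as outside both, an assumption taken from the page's wording.
cve_2023_41056_affected() {
    n=$(version_number "$1")
    fix70=$(version_number 7.0.15)
    fix72=$(version_number 7.2.4)
    line72=$(version_number 7.2.0)
    if [ "$n" -lt "$fix70" ]; then return 0; fi
    if [ "$n" -ge "$line72" ] && [ "$n" -lt "$fix72" ]; then return 0; fi
    return 1
}

# Report the locally installed build, if redis-server is on PATH.
check_local_redis() {
    banner=$(redis-server --version 2>/dev/null) || { echo "redis-server not found"; return 2; }
    v=$(redis_version_from_banner "$banner")
    if cve_2023_41056_affected "$v"; then
        echo "Redis $v: AFFECTED by CVE-2023-41056, upgrade to 7.0.15 / 7.2.4 or later"
        return 1
    fi
    echo "Redis $v: not affected (fixed release or later)"
    return 0
}

if command -v redis-server >/dev/null 2>&1; then
    check_local_redis
fi
```

Run the script on each host, or feed a collected banner string to redis_version_from_banner followed by cve_2023_41056_affected; the exit status (0 = affected, 1 = fixed, 2 = not installed) is meant for use from inventory tooling.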

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory allocation patterns
  • Redis process crashes
  • Suspicious command sequences

Network Indicators:

  • Unusual traffic patterns to Redis port 6379
  • Large or malformed Redis protocol requests

SIEM Query:

source="redis.log" AND ("segmentation fault" OR "out of memory" OR "buffer overflow")
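
The SIEM query above run offline, as an added shell example that is not part of this advisory: it scans Redis log lines for the indicators listed in this section and tags each hit. The log excerpt is constructed for the example, not captured from an incident. One caveat worth building in: Redis reports a SIGSEGV in its own log as "crashed by signal: 11" rather than "segmentation fault", so a rule built on the page's terms alone would miss the crash line; the example matches both.

```shell
#!/bin/sh
# Added example: tag Redis log lines that carry the crash and memory
# indicators from the detection section. The excerpt below is constructed.

SAMPLE_LOG='1:M 02 Jan 2024 10:15:00.101 * Ready to accept connections tcp
zmalloc: Out of memory trying to allocate 4294967296 bytes
1:M 02 Jan 2024 10:15:07.413 # Redis 7.2.3 crashed by signal: 11, si_code: 0
1:M 02 Jan 2024 10:15:07.414 # Crashed running the instruction at: 0x55a1c3b1
1:M 02 Jan 2024 10:15:07.415 # Accessing address: (nil)
1:M 02 Jan 2024 10:16:00.000 * DB loaded from disk: 0.002 seconds'

# Read log lines on stdin and print "TAG<tab>line" for each indicator hit.
# Matching is case-insensitive, as the SIEM query's terms would be.
# "crashed by signal: 11" is how Redis itself logs a segmentation fault.
scan_redis_log() {
    awk '
    {
        l = tolower($0)
        if (l ~ /crashed by signal:/ || l ~ /segmentation fault/) tag = "CRASH"
        else if (l ~ /out of memory/)   tag = "OOM"
        else if (l ~ /buffer overflow/) tag = "BUFFER_OVERFLOW"
        else next
        print tag "\t" $0
    }'
}

# Number of indicator hits in the log text passed as $1.
count_indicators() {
    printf '%s\n' "$1" | scan_redis_log | wc -l | tr -d ' '
}

# Distinct tags seen in $1, sorted and space-separated (e.g. "CRASH OOM").
indicator_tags() {
    printf '%s\n' "$1" | scan_redis_log | cut -f1 | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Show the tagged hits for the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | scan_redis_log
```

Pipe a real Redis log into scan_redis_log (tail -F /var/log/redis/redis-server.log | scan_redis_log, path being an assumption for your deployment) to get the same tagging on live data; a CRASH hit shortly after an OOM line on an unpatched build is the pattern worth alerting on.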

🔗 References
