vulnerability
Amazon Linux 2023: CVE-2023-41056: Important priority package update for redis6
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Jan 9, 2024 | Feb 17, 2025 | Dec 4, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Jan 9, 2024
Added
Feb 17, 2025
Modified
Dec 4, 2025
Description
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4.
A flaw was found in Redis. When processing a certain sequence of payloads, Redis may incorrectly handle the resizing of memory buffers, leading to a heap-based buffer overflow, potentially resulting in a denial of service or remote code execution.
A flaw was found in Redis. When processing a certain sequence of payloads, Redis may incorrectly handle the resizing of memory buffers, leading to a heap-based buffer overflow, potentially resulting in a denial of service or remote code execution.
Solutions
amazon-linux-2023-upgrade-redis6amazon-linux-2023-upgrade-redis6-debuginfoamazon-linux-2023-upgrade-redis6-debugsourceamazon-linux-2023-upgrade-redis6-develamazon-linux-2023-upgrade-redis6-doc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.