Showing 1 - 2 of 2

CVE-2023-45145

Status Candidate

Overview

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

Related Files

Debian Security Advisory 5610-1: Posted Jan 30, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2022-24834, CVE-2023-36824, CVE-2023-41053, CVE-2023-41056, CVE-2023-45145; SHA-256 | 6a575e49865251ebf28406b8b02755df04cae2bd061603790e201c0c1917a8a9; Download | Favorite | View

Ubuntu Security Notice USN-6531-1: Posted Dec 6, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6531-1 - Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-24834, CVE-2022-35977, CVE-2022-36021, CVE-2023-25155, CVE-2023-28856, CVE-2023-45145; SHA-256 | 86bf06ce70285fd40bd6c61d977ae5a038cc5d7e43804cf355bef675f762bdeb; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

CVE-2023-45145

Overview

Related Files

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems