Showing 1 - 3 of 3

CVE-2023-45145

Status Candidate

Overview

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

Related Files

Gentoo Linux Security Advisory 202408-05: Posted Aug 7, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202408-5 - Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution. Versions greater than or equal to 7.2.4 are affected.; tags | advisory, remote, denial of service, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2022-24834, CVE-2022-35977, CVE-2022-36021, CVE-2023-22458, CVE-2023-25155, CVE-2023-28425, CVE-2023-28856, CVE-2023-36824, CVE-2023-41053, CVE-2023-41056, CVE-2023-45145; SHA-256 | 44b89405ab5c4ee37e2bba62129744deb31752d4a37a6369ac2d9cd7a4c01629; Download | Favorite | View

Debian Security Advisory 5610-1: Posted Jan 30, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.; tags | advisory, arbitrary; systems | linux, debian; advisories | CVE-2022-24834, CVE-2023-36824, CVE-2023-41053, CVE-2023-41056, CVE-2023-45145; SHA-256 | 6a575e49865251ebf28406b8b02755df04cae2bd061603790e201c0c1917a8a9; Download | Favorite | View

Ubuntu Security Notice USN-6531-1: Posted Dec 6, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6531-1 - Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.; tags | advisory, denial of service, overflow, arbitrary; systems | linux, ubuntu; advisories | CVE-2022-24834, CVE-2022-35977, CVE-2022-36021, CVE-2023-25155, CVE-2023-28856, CVE-2023-45145; SHA-256 | 86bf06ce70285fd40bd6c61d977ae5a038cc5d7e43804cf355bef675f762bdeb; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 223 files
indoushka 169 files
Jay Turla 150 files
Ubuntu 76 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Debian 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,174)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,794)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,842)
UNIX (9,454)
UnixWare (188)
Windows (6,771)
Other

CVE-2023-45145

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems