HIGH🇬🇧 English

CVE-2023-47004

CVSS 8.8v3.1pub. 2023-11-06upd. 2025-04-29

Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Redislabs Redisgraph

    APP
    Redislabs
    2.0.0 – 2.12.9 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEMemory
CWE
Referencje

Powiązane podatności

CVE-2023-47003CRITICAL9.8ten sam produkt

An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service vi...

CVE-2020-35668HIGH7.5ten sam produkt

RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandle...

CVE-2018-11219CRITICAL9.8ten sam vendor

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4....

CVE-2018-11218CRITICAL9.8ten sam vendor

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x befo...

CVE-2017-15047CRITICAL9.8ten sam vendor

The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-...