KeyDB

Fix issue of listen before chmod on Unix sockets (CVE-2023-45145)

Open npt-1707 opened this issue 8 months ago • 0 comments

Description

This PR fixes a potential vulnerability in anetListen() in src/anet.c that was cloned from Redis but did not receive the security patch. The original issue was reported and fixed under https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1. This PR applies the same patch to eliminate the vulnerability.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-45145
https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1

npt-1707, Apr 22 '25 18:04
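
The ordering the title refers to, as an added example (not KeyDB's or Redis's code; `unix_listen_restricted` and `socket_mode` are hypothetical names): the socket file's permissions are tightened after bind() and before listen(), so no connection can be made while the file still carries its umask-derived mode.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not anetListen): bind a Unix socket at `path`,
 * restrict the socket file to `perm`, and only then start listening.
 * Returns the listening fd, or -1 on error. */
int unix_listen_restricted(const char *path, mode_t perm, int backlog) {
    struct sockaddr_un sa;
    int fd;

    if (strlen(path) >= sizeof(sa.sun_path)) { errno = ENAMETOOLONG; return -1; }
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) return -1;

    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    unlink(path);                          /* remove a stale socket file */

    /* bind() creates the socket file; its mode is derived from the umask. */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1) goto fail;

    /* chmod() BEFORE listen(): a bound socket that is not yet listening
     * refuses connections, so the permissive mode is never reachable. */
    if (chmod(path, perm) == -1) goto fail;

    if (listen(fd, backlog) == -1) goto fail;
    return fd;

fail:
    close(fd);
    unlink(path);
    return -1;
}

/* Permission bits of the socket file, or -1 on error (for verification). */
int socket_mode(const char *path) {
    struct stat st;
    if (stat(path, &st) == -1) return -1;
    return (int)(st.st_mode & 0777);
}
```

Running a service with a restrictive umask narrows the same window independently of the call order.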