CVE-2023-31655: Crash while running redis-7.0.10 with redisraft-cd52ee4 (19th May 2023)

Preface: What does the ERROR: Segmentation violation mean?
Traditionally, a “segmentation violation” is a signal sent by the kernel to a process when the system has detected that the process was attempting to access a memory address that does not belong to it. Typically, this results in the offending process being terminated.

Background: A process describes an individual running instance of a program. It has its own memory, which it does not share with other programs. A process can run code in multiple separate threads. These threads can run code independently of each other.
This is how a server might accept multiple clients: we would spin up a separate thread for each client so the server could have an independent conversation with that client. Unlike processes, threads share their memory with each other.
All Redis data resides in memory, enabling low-latency and high-throughput data access. Unlike traditional databases, in-memory data stores do not require access to disk.
RedisRaft is a Redis module that implements the Raft Consensus Algorithm, making it possible to create strongly-consistent clusters of Redis servers.
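
The signal delivery described in the preface and the per-process memory described in the background can be observed from a parent process, as in this added example (not code from the original post, from Redis or from RedisRaft, and not a reproduction of the CVE). The names `run_faulting_child`, `parent_counter` and `counter` are hypothetical, and a POSIX system such as Linux is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std modes */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical variable: the child changes it just before it crashes. */
static volatile int counter = 1;

/* Fork a child that reads a page it has no permission to access.
 * Returns the signal that terminated the child, 0 if the child
 * exited normally, or -1 if setup failed. */
int run_faulting_child(void)
{
    long page = sysconf(_SC_PAGESIZE);
    /* One page with no access rights makes the fault deterministic. */
    volatile char *guard = mmap(NULL, (size_t)page, PROT_NONE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guard == MAP_FAILED)
        return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        counter = 99;        /* modifies only the child's private copy */
        char c = guard[0];   /* the kernel delivers SIGSEGV here */
        _exit(c);            /* never reached */
    }

    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    munmap((void *)guard, (size_t)page);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int parent_counter(void) { return counter; }

int main(void)
{
    int sig = run_faulting_child();
    printf("child terminated by signal %d (SIGSEGV is %d)\n", sig, SIGSEGV);
    printf("parent's copy of counter is still %d\n", parent_counter());
    return sig == SIGSEGV ? 0 : 1;
}
```

A supervisor that inspects the wait status this way can tell a segmentation violation apart from a clean exit, which is the signal to look for when monitoring a server process for this kind of crash.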

Vulnerability details: redis-7.0.10 was discovered to contain a segmentation violation.

Current status: Reply by developer: RedisRaft is still being developed, and currently we only maintain compatibility with redisraft (master) and redis (unstable) branches.

Official announcement: Please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-31655
