FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Possible bypassing Unix socket permissions

Affected packages
redis < 7.2.2
redis-devel <
redis70 < 7.0.14
redis62 < 6.2.14


VuXML ID 8706e097-6db7-11ee-8744-080027f5fec9
Discovery 2023-10-18
Entry 2023-10-18

Redis core team reports:

The wrong order of listen(2) and chmod(2) calls creates a race condition that can be used by another process to bypass desired Unix socket permissions on startup.


CVE Name CVE-2023-45145