{"id":"CVE-2023-47004","details":"Buffer overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 (fixed in v.2.12.9) allows an authenticated attacker to execute arbitrary code via the code logic.","modified":"2026-04-12T09:35:09.416787Z","published":"2023-11-06T22:15:08.043Z","references":[{"type":"REPORT","url":"https://github.com/RedisGraph/RedisGraph/issues/3178"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redisgraph/redisgraph","events":[{"introduced":"d3c9bf92b83cc7ff5d2e17b75d624295d4d62d9c"},{"fixed":"4246cb7d63d0d07ef4dbc42d60eecde30d6ff222"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:redislabs:redisgraph:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.0.0"},{"fixed":"2.12.9"}]}}],"database_specific":{"vanir_signatures":[{"digest":{"line_hashes":["45962330420457371568624038403483109345","53516257458971826261227617346544199996","250401168968898138528803862654438269838","143915573263748230250993656129419071970","31792104156990988777198440559725771317","262549781888358706993333455638758390338","204136751667786659217741337600132482793","219384267940498978667155221528212495390","335151816150847819274385697508847296510","223705745855585850902226593118537954792","215046481391475165976775917264954845364","34166875725233585201991127451870092757","239615207843898465216798998751541879284","254510261373206180342689178176430444458","313334395213152457346270625899794694843","250134974939585883223205469937277237406","317349321258934693162777911495636859990","36912440893982257098774623111752234814","130142813783353847183431073493959801320","123177204088292447097572492176640733549","114181129714623392518358641879352927608","338359302926861727071125946533901975895","17092132314647972152154132123368191889","230227874619689115811538241027959012239","210365327544636981895104996715543386822","149876613481352706512096628036954209413","230270937416191043761880408788166236738","241759133411728252229417037324479894
259","211616056815914866200432343168540953200","280266840391881523148302743926605278171","215719758248201785260023397712206071412","168515916550324667000655706030755114254","134002257003346148835539277197953734328","142746707569371344137721135398641218505","238501556224137116772114354131449957534","285463384948817686588737480321694944157","176150143716041521532237328243854735947","23998873387352777140296992499585437517","56979987390428072864099320066049084623","58990871468254807389200039179136091718","87145615952901879785613028263658224196","147532372969108163795688885010841485991","75777701132378389284208493908377623127","285723652486176881281332107411763191486","618083456327979396504170699443374108","236213142325003060820990668271267532164","44000738617184689967354779892267318246","26404807491466031221890139287395927764","295439433844306766834340546802920995483","124637813362604364188454885402974997113","26937249554616536256442511782529753234","162134795096153527005221708887493442689","22087250014872304057543934322178467882","155552324778555118693351285967855315816","85171350287953010540917708122645507431","74771612967152472878421533962325076016","64621943603908778015609931496851016382","242588380110277327654785589402926398317","111958051939450410974750038088935128870","237692999111113607437937204159936814339","238202694354440278056703973778448114074","258778213693272379175603735151636500125","309898054863707828801245467640137043372","299108697305272955037913044127348939075","151984072570595521748580368007864539129","20422852975217620739227826103939628210","212196148436961765143506563318913077933","331173753114426569543434946445717123461","73641323940255470529508848749986670970","302168908009935315432632637357399406054","184083485460521225882206582816649448221","102546486002468736150609094182636433554","326055028253480745923035844599980858003","29374646284930554302154293284598121457","314247501891617127685091644829221525434","21202885167156618763743835835442816391
8","30671455072725785217532524760222531825","262950101065656546131959805392620130110","13005239005522791838415376399438654713","254120018422063131327481377918702229479","82586937926945426937716496024980268131","80620229780017274620479230795077806346","127661203271879349478032141156678799370","201930892147534705612090023902784535586","79040813126084703504561127638764702977","283522178451116080753556911475100952683","238469119359164504489341691581516185358","219942371097749877795902467746141520575","326687162409630800303223469819767657154","221341882088606471101234010010496545152","92525850246195887179755267131459885850","176372718921223996321727641158603950226","325005113450299533850304582956322200263","315291808160733361761518884089114116768","54358453846407137067009921029059036198","54993974995786443141874610454086987024","37367013944927310083623323987765905553","268873911903360787632819393718878226929","265291572678504627924079570533244638565","78585655796835828744819841498707011853","219594824330639425735693793924083903825","105164230035828556276971450300547679588","193880811038241120642783524595107753126","109298920801705842446354926965541011867","154796546306289455908130387439102229765","112865526096052089730325099439682170164","175678310567079047286019424727130601305","160247852731463803444615511533224141997","172349045081982838533242643486584328661","252676889942185154164877220868971422727","157942306163011217489754472278978811086","64896775388196432231114207528001803706","164826113362662398621198837368205077658","287199895432138527885972658793786817673","47122987898786218189747888826350169529","320176418433674277296585944249724223356","337892308813740378085707778136847486554","130629967477209038210972230665824349187","12367620617995445245402933140704121740","19287998718450059435685593689254256940","66101642738681490599231962275069475123","135169834991659916218104521204283470533","132827531669206784631959086921871789305","1243108034268576106568441409964699769
65","173227911058973207707167130130813152687","242499663382077874480198130681358769679","195651334491293428170191737580421412841","235573784190786643924005391119831188180","265352429163601446795574736287140188461","197980369593014055782134809731961820767","228137572962888537948408990523834463231","46480998306229576187823455731364938566","251678505161203446013687829310989596246","53837255196633895437370940364835980380","330622194379414243245436101672624373028","280148134567121394126950126019439052828","193493386306458889126360268088717291544","310167843684271296460527764244976819493","57047875713045485831377935461386453440","20238339378257227620339578802435227405","315055328306720444127388490807440288053","282536075219781523629784681943697039734","284598147297405519859409694629213765762","212547788362591750599355514211466685771","293583740958294398687761249036357150162","327038651690837422942964047433569466272","294152843292349672062087509473746637045","302508300812729407120862256333104155220","18985367667339355719509384727669902349","231725687136421317027897163014349761758","62615827321752657428346152067037031108","191864928885512623440195939601277363189","227332444903082207749953566367069561331","273295436629176594219653977027863464001","270067512318021020871019740968428859162","51057624032872350927578079775313223784","863101401028178667854638072411059890","120982533069621097477270533128446333263","329179846399729591697205325829811403649","131040791096667918999260819523467923402","133649314991587990867253189208630744766","148982455407281475818299859111994215954","158311608009313876812410689736332965785","51681167018153987075540195241882561210","131165527840768514120243983403163832431","226200885133207730489048619630764288199","19679359163665483390053787275223428985","320035228519651080967086842293260909763","207013629618078435205618123573875993290","297027230728224842319316206106407191450","46269176268507146329344936029139613244","3244985649998024701973902753915611
56424","265845803096545135454667075749248977286","164079789948253307331285339760046276699","40700265037818829003033315882701518929","168923171108891336203769460321805133171","105756912227316604140148810375166882550","302605239809922730384010128304803335544","307444602680181635897119951178077817323","95507051118020614273348083391465672478","48926905998476614382023708403952920780","321766087191894613765875696061454402461","103895177270731217410516553063840457636","91378564594660789714914012561160221093","199254897456409693739188539718343656123","133820787476782303742942288546530640158","125484285167884811811932761407620063747","260781327500006156198280067299395403872","37398901450669061499381940749745563812","313920141764453557546135697852415178718","328081421331489976811846718582875608761","321371389548959330355597894683684180522","99511494590009716615318693125564303340","148173556284799129173462705895985547878","209883736784331177363890266024391696661","199563772204170803168948821181429743255","68481165810184830571476073055338667451","198361146261988695410431243599561117326","115072510619238919369002404006209408671","241524132616539849095567312960598591408","212986610278736369255564412411067198646","35740810231789896842867936141262769563","182586068559482595935212776503127803363","320242581189229988120243741109960019116","152455788880534835162226320444506594541","116678877130805169752547103927837378279","195515908793446843661095824666031275269","9144771829667264448627961771249895891","256566338038037410394228846167764122470","336627338699127982368253839104137026001","337624718049786283499175542575376769310","25055879801795006582639244621715548525","24646598590713648836716945265014346514","278354603829151349045679526531515009","106717644620904663971362817790644440581","176969398381441339123954139700496989013","269197737943901398570941943663214807784","300489053375198551918838896625748421348","100281319221396966646017164777056843887","321369642385397276909981297891492
461210","263772830870114415960672436867032791009","267275536548931596841443277708160219040","204788161132358800987600229962041575574","158158898046909411569601851749659066078","316544776084569021902615229458497037520","217905968139629304949318500171296463864","242717712339476224490024643972041739551","124717525962762821397822485500981650214","197649107356325552024954674423477829381","258525944218969166270084469928651988241","183784300101497521484541844720297879777","121198713325286086243463173338486785124","129323779088659148801474055484077120499","270324696913124331654590880207402295457","67097476602335507743130777686572938539","280355138107509192734650483050358850403","287238593528602644308554271497463596927","219900348352979233303577884555992215259","224714287530322685225924546768315239064","276090059610267761233821586250583526266","245299521371341718249505332194093585869","174524057828392209182730435748369857224","262386942279535025314055727848582968255","241834905034223833297430773541009036701","260038974474663344911665927826943745699","282252101998739446558758818285729839130","101755636698301526639118777177956948094","81405143735277816915295574538423403152","208504045931519374330672907053315012407","193952704723822176457726859561062291437","85460014363667875087402649103788418489","61159942783447929564995055478074049262","42906778194494583694135980733265073247","184854971983027844457844730008645271436","268126763180858671664291674233732404105","18504856399179782647503000455516554608","49317208155609553863266873316125908368"],"threshold":0.9},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"file":"src/redismodule.h"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2023-47004-20b2c815"},{"digest":{"length":998,"function_hash":"181255016554092375339243059259671623855"},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","targe
t":{"function":"AR_JOIN","file":"src/arithmetic/string_funcs/string_funcs.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2023-47004-2a6939b6"},{"digest":{"line_hashes":["251287094451214078701652393819661324097","164065855405438252660241969997230200807","123578235051354120027812620335415915880","214247561682897041637620221729501245949","323707697048457115363834392567237972841","302798601571278315547325204853254276841","235718680475436306078160841831145293037","255138834242614452117910346289650625222","197261861590192047183614930240615082846","120035974999968760958945775330697740714","59043764169475319096980720339619702958","179006074064489677359001966493567989511","219694017068531582826126561767837039948","302968551937631530930588117855228214651","269203138706876270234766481754436917806","214676483563320026514949667311485517821","226876371268766098930021697312328997516","93877586008258894020729714653145438354","283015189734603142258406769018037635557","199953639585553870042705317093770865763","116119238667719061137165477567891703525","329677790544553152572352132313550586066","289756555698924646057188075095528686998","291263047852911528737990301460921968696","54384176865487475670512324165259900405","186423246594627377678209693578192873596","180250227593105701263668158079446197363","277602133613595247108011991402438846534","35474272767393680011592633675189971987","325199663334041676173431529153853870593","54603112228842947328419088156604657535"],"threshold":0.9},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"file":"src/arithmetic/string_funcs/string_funcs.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2023-47004-5a253c1a"},{"digest":{"length":10323,"function_hash":"49588470771742205816136584792322239546"},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"function":"RedisMod
ule_Init","file":"src/redismodule.h"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2023-47004-705d600a"},{"digest":{"length":604,"function_hash":"242097434920053632846347440680190814867"},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"function":"GraphContextType_Register","file":"src/serializers/graphcontext_type.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2023-47004-86e13cb8"},{"digest":{"line_hashes":["311510131466267713625104221953417318395","124094041511284257581121171923152572337","286208145346467627205927740546338297062"],"threshold":0.9},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"file":"src/globals.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2023-47004-8d050c0d"},{"digest":{"line_hashes":["151940350340171868202714785251035082373","51125279560505794089410546567385623906","270250826289340552085843043724179397911"],"threshold":0.9},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"file":"src/globals.h"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2023-47004-db85568a"},{"digest":{"line_hashes":["59774461239296097936020731694506728561","139697837084408349698346155806617890152","202914821141828528573455432732404621623","265928651590562958728535296663804996462","296361423052420336376878328385886920300","199526560548321255293223475722516618537","3630147905746840413132651611399850216","91784703638417760536193696953244787492","176305772838907330419186109640606723868"],"threshold":0.9},"source":"https://github.com/redisgraph/redisgraph/commit/4246cb7d63d0d07ef4dbc42d60eecde30d6ff222","target":{"file":"src/serializers/graphcontext_type.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2023-47004-efe1df
2f"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-47004.json","vanir_signatures_modified":"2026-04-12T09:35:09Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}