Headline
CVE-2023-41053: Fix sort_ro get-keys function return wrong key number (#12522) · redis/redis@9e505e6
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Commit
Fix sort_ro get-keys function return wrong key number (#12522)
Before:
```
127.0.0.1:6379> command getkeys sort_ro key
(empty array)
127.0.0.1:6379>
```
After:
```
127.0.0.1:6379> command getkeys sort_ro key
1) "key"
127.0.0.1:6379>
```
(cherry picked from commit b59f53e)
Showing 2 changed files with 6 additions and 1 deletion.
- db.c
- sort.tcl
3 changes: 2 additions & 1 deletion src/db.c
@@ -2294,7 +2294,8 @@ int sortROGetKeys(struct redisCommand *cmd, robj **argv, int argc, getKeysResult
keys = getKeysPrepareResult(result, 1);
keys[0].pos = 1; /* <sort-key> is always present. */
keys[0].flags = CMD_KEY_RO | CMD_KEY_ACCESS;
return 1;
result->numkeys = 1;
return result->numkeys;
}
/* Helper function to extract keys from the SORT command.
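Review bot: the new `result->numkeys = 1;` in sortROGetKeys needs a comment, because the key count is now stated in two places (the literal passed to getKeysPrepareResult and this assignment) and nothing says which one consumers rely on. The Before output in the commit message shows an empty array when only the return value was set, so the count is evidently taken from result->numkeys; a one-line comment saying so would keep a later cleanup from reverting to a bare `return 1;`. Since the advisory text ties this result to ACL key authorization, the other get-keys functions should be checked for the same pattern of returning a count without assigning result->numkeys.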
4 changes: 4 additions & 0 deletions tests/unit/sort.tcl
@@ -109,6 +109,10 @@ start_server {
test “SORT extracts STORE correctly” {
r command getkeys sort abc store def
} {abc def}
test “SORT_RO get keys” {
r command getkeys sort_ro abc
} {abc}
test “SORT extracts multiple STORE correctly” {
r command getkeys sort abc store invalid store stillbad store def
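Review bot: the added "SORT_RO get keys" test only asserts the COMMAND GETKEYS output for a single bare key, so it does not cover the ACL behaviour the advisory describes. Consider adding a regression test in which a user restricted to a key pattern runs SORT_RO against a key outside that pattern and the command is rejected, so the security property itself is pinned rather than only the introspection output. A second case with extra arguments after the key, checked against the same `{abc}` result, would also confirm that only the sort key at position 1 is reported.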
Related news
Gentoo Linux Security Advisory 202408-5 - Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution. Versions greater than or equal to 7.2.4 are affected.
Debian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.