Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-36824: Heap overflow in COMMAND GETKEYS and ACL evaluation

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted COMMAND GETKEYS or COMMAND GETKEYSANDFLAGSand authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

CVE
#vulnerability#ios#redis#rce#auth

Impact

Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to this result:

  • Authenticated users executing a specially crafted COMMAND GETKEYS or COMMAND GETKEYSANDFLAGS.
  • Authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names.

The problem exists in Redis 7.0 or newer.

Patches

The problem is fixed in Redis 7.0.12.

Credit

The problem was found by Lior Lahav.

For more information

If you have any questions or comments about this advisory:

Related news

Gentoo Linux Security Advisory 202408-05

Gentoo Linux Security Advisory 202408-5 - Multiple vulnerabilities have been discovered in Redis, the worst of which may lead to a denial of service or possible remote code execution. Versions greater than or equal to 7.2.4 are affected.

Debian Security Advisory 5610-1

Debian Linux Security Advisory 5610-1 - Multiple security issues were discovered in Redis, a persistent key-value database, which could result in the execution of arbitrary code or ACL bypass.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907