CVE-2023-31655: Redis 7.0.10 crashed by signal: 11, si_code: 1 · Issue #608 · RedisLabs/redisraft
redis-7.0.10 was discovered to contain a segmentation violation.
We found one crash while running redis-7.0.10 with the redisraft-cd52ee4. The following is the bug report:
2023-04-13 07:56:48 Jepsen starting /opt/redis/redis-server --protected-mode no --bind 0.0.0.0 --dbfilename redis.rdb --loadmodule /opt/redis/redisraft.so --raft.loglevel debug --raft.log-filename raftlog.db --raft.log-max-file-size 32000 --raft.log-max-cache-size 1000000 --raft.follower-proxy yes
3438:C 13 Apr 2023 07:56:48.130 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
3438:C 13 Apr 2023 07:56:48.131 # Redis version=7.0.10, bits=64, commit=6523d019, modified=0, pid=3438, just started
3438:C 13 Apr 2023 07:56:48.131 # Configuration loaded
3438:M 13 Apr 2023 07:56:48.136 * Increased maximum number of open files to 10032 (it was originally set to 1024).
3438:M 13 Apr 2023 07:56:48.136 * monotonic clock: POSIX clock_gettime
3438:M 13 Apr 2023 07:56:48.139 * Running mode=standalone, port=6379.
3438:M 13 Apr 2023 07:56:48.139 # Server initialized
3438:M 13 Apr 2023 07:56:48.139 # WARNING Memory overcommit must be enabled! Without it, a background save or replication may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
3438:M 13 Apr 2023 07:56:48.140 * <raft> RedisRaft version 255.255.255 [5b53a293]
3438:M 13 Apr 2023 07:56:48.177 * <raft> Raft module loaded, state is 'uninitialized'
3438:M 13 Apr 2023 07:56:48.177 * Module 'raft' loaded from /opt/redis/redisraft.so
3438:M 13 Apr 2023 07:56:48.178 * Ready to accept connections
3438:M 13 Apr 2023 07:56:49.138 * <raft> State change: Node is now a leader, term 1
3438:M 13 Apr 2023 07:56:49.138 * <raft> Cluster Membership: term:1 index:1 nodes: id=1958283344,voting=0,active=1,addr=-
3438:M 13 Apr 2023 07:56:49.144 * <raft> Raft Cluster initialized, node id: 1958283344, dbid: 3d9465dd35ff805d0e53bb1d190ef7e4
=== REDIS BUG REPORT START: Cut & paste starting from here ===
3438:M 13 Apr 2023 07:56:52.920 # Redis 7.0.10 crashed by signal: 11, si_code: 1
3438:M 13 Apr 2023 07:56:52.920 # Accessing address: 0x24
3438:M 13 Apr 2023 07:56:52.920 # Crashed running the instruction at: 0xa5f060
------ STACK TRACE ------
EIP:
/opt/redis/redis-server 0.0.0.0:6379(callReplyIsResp3+0x80)[0xa5f060]
Backtrace:
/opt/redis/redis-server 0.0.0.0:6379(sigsegvHandler+0xb9f)[0x7dab6f]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12730)[0x7f5f8686c730]
/opt/redis/redis-server 0.0.0.0:6379(callReplyIsResp3+0x80)[0xa5f060]
/opt/redis/redis-server 0.0.0.0:6379(RM_ReplyWithCallReply+0x21d)[0x928b2d]
/opt/redis/redisraft.so(RaftExecuteCommandArray+0x16b3)[0x7f5f82dc2093]
/opt/redis/redisraft.so(+0xd73ec)[0x7f5f82dda3ec]
/opt/redis/redisraft.so(+0xc528a)[0x7f5f82dc828a]
/opt/redis/redisraft.so(raft_apply_entry+0x45f)[0x7f5f82e43faf]
/opt/redis/redisraft.so(raft_apply_all+0x2b8)[0x7f5f82e48748]
/opt/redis/redisraft.so(raft_exec_operations+0x123)[0x7f5f82e3c443]
/opt/redis/redisraft.so(raft_flush+0x858)[0x7f5f82e3e1d8]
/opt/redis/redisraft.so(handleBeforeSleep+0x359)[0x7f5f82dd12d9]
/opt/redis/redisraft.so(+0xf0417)[0x7f5f82df3417]
/opt/redis/redis-server 0.0.0.0:6379(moduleFireServerEvent+0x1290)[0x976670]
/opt/redis/redis-server 0.0.0.0:6379(beforeSleep+0x4ca)[0x5555ea]
/opt/redis/redis-server 0.0.0.0:6379(aeProcessEvents+0x882)[0x527b92]
/opt/redis/redis-server 0.0.0.0:6379(aeMain+0x14c)[0x52afac]
/opt/redis/redis-server 0.0.0.0:6379(main+0x3761)[0x58f0b1]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xeb)[0x7f5f866a209b]
/opt/redis/redis-server 0.0.0.0:6379(_start+0x2a)[0x45aaaa]
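
A crash report in this format can be triaged mechanically: decode the signal fields, check whether the faulting address lies in the first page, and find the frame where a loaded module called into the server. The Python below is an added example, not part of the original issue or of the Redis/RedisRaft code; the names `triage` and `parse_frames` and the 4 KiB page size are assumptions of this example, and the input is copied from the report above.

```python
import re

# Input copied from the crash report above (header fields and first frames only).
REPORT = """\
3438:M 13 Apr 2023 07:56:52.920 # Redis 7.0.10 crashed by signal: 11, si_code: 1
3438:M 13 Apr 2023 07:56:52.920 # Accessing address: 0x24
EIP:
/opt/redis/redis-server 0.0.0.0:6379(callReplyIsResp3+0x80)[0xa5f060]
Backtrace:
/opt/redis/redis-server 0.0.0.0:6379(sigsegvHandler+0xb9f)[0x7dab6f]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x12730)[0x7f5f8686c730]
/opt/redis/redis-server 0.0.0.0:6379(callReplyIsResp3+0x80)[0xa5f060]
/opt/redis/redis-server 0.0.0.0:6379(RM_ReplyWithCallReply+0x21d)[0x928b2d]
/opt/redis/redisraft.so(RaftExecuteCommandArray+0x16b3)[0x7f5f82dc2093]
/opt/redis/redisraft.so(+0xd73ec)[0x7f5f82dda3ec]
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages (x86_64 Linux default)
SEGV_CODES = {1: "SEGV_MAPERR", 2: "SEGV_ACCERR"}  # Linux si_code for SIGSEGV
HEADER = re.compile(r"crashed by signal: (\d+), si_code: (\d+)")
ADDR = re.compile(r"Accessing address: (0x[0-9a-fA-F]+)")
# Frame format: <binary>[optional text](<symbol>+<offset>)[<address>]
FRAME = re.compile(r"^(/\S+).*?\((\w*)\+0x[0-9a-fA-F]+\)\[0x[0-9a-fA-F]+\]$")

def parse_frames(text):
    """Return (binary, symbol) for every line that looks like a stack frame."""
    return [m.groups() for m in map(FRAME.match, text.splitlines()) if m]

def triage(report):
    sig, code = map(int, HEADER.search(report).groups())
    addr = int(ADDR.search(report).group(1), 16)
    eip_part, trace_part = report.split("EIP:", 1)[1].split("Backtrace:", 1)
    eip = parse_frames(eip_part)[0]
    frames = parse_frames(trace_part)
    # Frames above the EIP frame belong to the signal handler, not the fault.
    chain = frames[frames.index(eip):]
    # First frame in a different binary: where a loaded module called in.
    module = next((f for f in chain if f[0] != eip[0]), None)
    return {
        "si_code": SEGV_CODES.get(code, str(code)) if sig == 11 else str(code),
        "near_null": sig == 11 and addr < PAGE_SIZE,
        "faulting_symbol": eip[1],
        "call_chain": [sym or "?" for _, sym in chain],
        "module_entry": module,
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

A `near_null` result with `SEGV_MAPERR` means the access hit an unmapped address in the first page, the pattern a field read through a NULL pointer produces; it narrows the search but does not by itself establish the root cause.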