Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
CVE-2023-36824

8.8 HIGH

Key Information:

Vendor: Redis
Status: Vendor
CVE Published: 11 July 2023

Summary

Redis versions prior to 7.0.12 contain a heap overflow in the code that extracts key names from a command and its list of arguments. In some cases this extraction can read past the end of a heap allocation, leading to reads of arbitrary heap memory and heap corruption. An authenticated user can reach the flawed code path by issuing specially crafted COMMAND GETKEYS or COMMAND GETKEYSANDFLAGS commands; the same key-name extraction is also performed when ACL rules that match on key names are evaluated, so such rules provide a second trigger path. The page rates this a critical risk because the trigger requires only an authenticated connection and the consequences include memory disclosure and heap corruption.

Affected Version(s)

redis >= 7.0.0, < 7.0.12

References

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved
