CVE-2023-36824 — Heap-based Buffer Overflow in Redis

CWE-122 — Heap-based Buffer Overflow CWE-131 — Incorrect Calculation of Buffer Size CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

8.8HIGHNVD

EPSS

88.5%

top 0.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redis Debian Redis Fedoraproject Fedora

Timeline

PublishedJul 11

Description

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶NVDredis/redis7.0.0 — 7.0.12

▶debiandebian/redis< redis 5:7.0.15-1~deb12u1 (bookworm)

▶Debianredis/redis< 5:7.0.15-1~deb12u1+2

▶CVEListV5redis/redis>= 7.0.0, < 7.0.12

Also affects: Fedora 37, 38

🔴Vulnerability Details

OSV

CVE-2023-36824: Redis is an in-memory database that persists on disk↗2023-07-11

▶

📋Vendor Advisories

Red Hat

redis: heap overflow in COMMAND GETKEYS and ACL evaluation↗2023-07-10

▶

Debian

CVE-2023-36824: redis - Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0....↗2023

▶