Redis · Redis · CVE-2023-36824
**Name of the Vulnerable Software and Affected Versions**
Redis versions 7.0 prior to 7.0.12
**Description**
The vulnerability is a heap overflow that can occur when Redis extracts key names from a command and its list of arguments. It can result in reading arbitrary heap memory, heap corruption, and potentially remote code execution. Authenticated users may exploit it by executing specially crafted commands such as `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`. Additionally, authenticated users subject to ACL rules that match key names may trigger it by executing specially crafted commands that refer to a variadic list of key names.
**Recommendations**
To resolve the issue, update to Redis version 7.0.12 or later. As a temporary workaround, consider restricting access to the `COMMAND GETKEYS` and `COMMAND GETKEYSANDFLAGS` commands for authenticated users, and limit the execution of commands that refer to a variadic list of key names for users with matching ACL rules.
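As an added example (not part of the advisory or the Redis project), the check below parses the `redis_version` line of `INFO server` output, reports whether the server falls in the affected range (7.0.0 up to but not including 7.0.12), and builds the interim ACL rule that withholds the two named subcommands from a user. It assumes Redis 7.0's subcommand-level `-command|subcommand` ACL syntax; the `INFO` text and the user name `app` are constructed samples.

```python
"""Check a Redis server's reported version against the CVE-2023-36824 affected
range and produce the interim ACL rule that withholds COMMAND GETKEYS and
COMMAND GETKEYSANDFLAGS from a user until the server is upgraded."""
import re

# Fixed release per the advisory: the 7.0 branch is affected below 7.0.12.
FIXED = (7, 0, 12)


def parse_redis_version(info_text: str):
    """Return (major, minor, patch) from the redis_version line of `INFO server`,
    or None if the line is absent or not a plain x.y.z version."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None


def is_affected(version) -> bool:
    """True only for the 7.0.x branch at patch levels below 7.0.12.
    Other branches (6.2, 7.2) lie outside the advisory's stated range."""
    return version is not None and version[:2] == (7, 0) and version < FIXED


def mitigation_acl(user: str) -> str:
    """ACL SETUSER rule that keeps the user's existing permissions but removes
    the two COMMAND subcommands named in the advisory. Assumes the 7.0
    '-command|subcommand' rule form is available on the server."""
    return f"ACL SETUSER {user} -command|getkeys -command|getkeysandflags"


# Constructed sample of `INFO server` output, not a capture from a real host.
SAMPLE_INFO = """# Server
redis_version:7.0.11
redis_mode:standalone
os:Linux 5.15.0 x86_64
"""

if __name__ == "__main__":
    v = parse_redis_version(SAMPLE_INFO)
    print("version:", v, "affected:", is_affected(v))
    if is_affected(v):
        print("upgrade to 7.0.12 or later; interim rule:", mitigation_acl("app"))
```

Run the rule through `redis-cli` as an administrator, then confirm with `ACL GETUSER app` that the two subcommands are listed as denied.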