PT-2023-3968 · Redis+4 · Redis+4
Lior Lahav
·
Published
2023-06-27
·
Updated
2026-05-18
·
CVE-2023-36824
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Redis versions 7.0 prior to 7.0.12
Description
The issue is related to a heap overflow that may occur when extracting key names from a command and a list of arguments in Redis. This can result in reading random heap memory, heap corruption, and potentially remote code execution. Authenticated users may execute specially crafted commands, such as
COMMAND GETKEYS or COMMAND GETKEYSANDFLAGS, to exploit this issue. Additionally, authenticated users with ACL rules that match key names may execute specially crafted commands that refer to a variadic list of key names.Recommendations
To resolve the issue, update to Redis version 7.0.12 or later. As a temporary workaround, consider restricting access to the
COMMAND GETKEYS and COMMAND GETKEYSANDFLAGS commands for authenticated users, and limit the execution of commands that refer to a variadic list of key names for users with matching ACL rules.Exploit
Fix
DoS
RCE
Heap Based Buffer Overflow
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Red Os
Redis
Suse