CVE-2023-36824

CVE-2023-36824

Name

CVE-2023-36824

Description

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
MISC	https://github.com/redis/redis/releases/tag/7.0.12
MISC	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/
MISC	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/
MISC	https://security.netapp.com/advisory/ntap-20230814-0009/

Type

URI

MISC

https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3

MISC

https://github.com/redis/redis/releases/tag/7.0.12

MISC

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/

MISC

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/

MISC

https://security.netapp.com/advisory/ntap-20230814-0009/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:redis:redis::::::::`	redis	>= 7.0.0	< 7.0.12

CPE URI

Source package

Min version

Max version

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= 7.0.0

< 7.0.12

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
redis	edge-main	7.0.12-r0	TBK <alpine@jjtc.eu>	fixed
redis	edge-main	7.0.11-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.0.12-r0	None	fixed
redis	edge-community	7.0.8-r0	None	possibly vulnerable
redis	edge-community	7.0.6-r0	None	possibly vulnerable
redis	edge-community	7.0.5-r0	None	possibly vulnerable
redis	edge-community	7.0.4-r0	None	possibly vulnerable
redis	3.22-community	7.0.12-r0	None	fixed
redis	3.22-community	7.0.8-r0	None	possibly vulnerable
redis	3.22-community	7.0.6-r0	None	possibly vulnerable
redis	3.22-community	7.0.5-r0	None	possibly vulnerable
redis	3.22-community	7.0.4-r0	None	possibly vulnerable
redis	3.21-community	7.0.12-r0	None	fixed
redis	3.20-community	7.0.12-r0	None	fixed
redis	3.19-main	7.0.12-r0	None	fixed
redis	3.19-main	7.0.8-r0	None	possibly vulnerable
redis	3.19-main	7.0.6-r0	None	possibly vulnerable
redis	3.19-main	7.0.5-r0	None	possibly vulnerable
redis	3.19-main	7.0.4-r0	None	possibly vulnerable
redis	3.18-main	7.0.12-r0	TBK <alpine@jjtc.eu>	fixed
redis	3.17-main	7.0.12-r0	TBK <alpine@jjtc.eu>	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages