Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-36824

Published: 11/07/2023 Updated: 14/08/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Redis

Vulnerability Summary

Redis is an in-memory database that persists on disk. In Redit 7.0 before 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redis redis

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian CVElist Bug Report Logs: redis: CVE-2023-36824: Heap overflow in COMMAND GETKEYS and ACL evaluation
Debian Bug report logs - #1040879 redis: CVE-2023-36824: Heap overflow in COMMAND GETKEYS and ACL evaluation Package: src:redis; Maintainer for src:redis is Chris Lamb <lamby@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Jul 2023 20:51:02 UTC Severity: grave Tags: security, upstream ...
Red Hat:
Description<!----> This CVE is under investigation by Red Hat Product Security ...

References

CWE-122CWE-131https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3https://github.com/redis/redis/releases/tag/7.0.12https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/https://security.netapp.com/advisory/ntap-20230814-0009/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040879https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-36824
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook