FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- heap overflow in COMMAND GETKEYS and ACL evaluation

Affected packages
redis < 7.0.12
redis-devel <


VuXML ID 6fae2d6c-1f38-11ee-a475-080027f5fec9
Discovery 2023-07-10
Entry 2023-07-10

Redis core team reports:

Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules.


CVE Name CVE-2023-36824