FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- heap overflow in COMMAND GETKEYS and ACL evaluation

Affected packages
redis < 7.0.12
redis-devel < 7.0.12.20230710

Details

VuXML ID: 6fae2d6c-1f38-11ee-a475-080027f5fec9
Discovery: 2023-07-10
Entry: 2023-07-10

Redis core team reports:

Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules.

References

CVE Name: CVE-2023-36824
URL: https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
URL: https://groups.google.com/g/redis-db/c/JDjKS0GubsQ