Bug 2140891 (CVE-2022-31144)

Summary: CVE-2022-31144 redis: heap overflow via XAUTOCLAIM command
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: adudiak, aileenc, amackenz, amasferr, apevec, bbuckingham, bcoca, bcourt, bdettelb, btotty, caswilli, chazlett, cwelton, davidn, dffrench, dhalasz, eglynn, ehelms, epacific, fjansen, gmalinko, gparvin, gzaronik, hhorak, janstey, jburrell, jcammara, jhardy, jjoyce, jneedle, jobarker, jorton, jpavlik, jsherril, jwong, jwon, kaycoth, kshier, lhh, lzap, mabashia, mburns, mgarciac, mhulan, micjohns, mkudlej, myarboro, nathans, ngough, njean, nmoumoul, orabin, osapryki, owatkins, pahickey, pcreech, pdelbell, rchan, rcollet, redis-maint, rgodfrey, rhos-maint, simaishi, smcdonal, spower, stcannon, sthirugn, teagle, tjochec, vkrizan, vkumar, vmugicag, yguenane, zsadeh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: redis 7.0.4 Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow flaw was found in Redis within the XAUTOCLAIM command implementation. This flaw allows an attacker to craft the XAUTOCLAIM command with malicious data on a stream key in a specific state that triggers a heap-based buffer overflow, possibly enabling remote code execution.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-04 13:33:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2139611    

Description TEJ RATHI 2022-11-08 05:59:13 UTC 
An issue was discovered in Redis where a specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

https://github.com/redis/redis/releases/tag/7.0.4
https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh
https://security.netapp.com/advisory/ntap-20220909-0002/
https://security.gentoo.org/glsa/202209-17
Comment 1 TEJ RATHI 2022-11-08 06:07:07 UTC 
References:
https://github.com/redis/redis/issues/10968
https://github.com/redis/redis/commit/15ae4e29e537e7ec37f0df1825d9fb2beea67124
Comment 3 Product Security DevOps Team 2022-12-04 13:33:09 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-31144