Bug 2221664 (CVE-2023-36824)

Summary: CVE-2023-36824 redis: heap overflow in COMMAND GETKEYS and ACL evaluation
Product: [Other] Security Response Reporter: Zack Miele <zmiele>
Component: vulnerabilityAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acrosby, adudiak, agarcial, aileenc, amasferr, aoconnor, asegurap, bbuckingham, bcourt, bdettelb, caswilli, chazlett, crarobin, dffrench, dhughes, eglynn, ehelms, epacific, fjansen, gmalinko, gparvin, gzaronik, hhorak, hkataria, janstey, jburrell, jcammara, jhardy, jjoyce, jmadigan, jmitchel, jneedle, jobarker, jorton, jsherril, jtanner, kaycoth, kshier, lhh, lzap, mabashia, mburns, mgarciac, mhulan, micjohns, mkleinhe, myarboro, nathans, ngough, njean, nmoumoul, nweather, oezr, orabin, owatkins, pahickey, pamccart, pcreech, pdelbell, pgrist, rchan, rcollet, redis-maint, rgodfrey, simaishi, smcdonal, stcannon, sthirugn, teagle, tjochec, vkrizan, vmugicag, yguenane, zsadeh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: redis-server 7.0.12 Doc Type: If docs needed, set a value
Doc Text:
A heap overflow vulnerability was found in Redis, where extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption, and potentially remote code execution. This flaw allows an attacker to trick authenticated users into executing a specially crafted COMMAND GETKEYS or COMMAND GETKEYSANDFLAGS and also trick authenticated users who were set with ACL rules that match key names, to execute a specially crafted command that refers to a variadic list of key names.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2221683, 2221684, 2221685, 2221686, 2221687, 2221688, 2221689, 2222026    
Bug Blocks: 2221650    

Description Zack Miele 2023-07-10 14:53:59 UTC 
CVE-2023-36824 - Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules.

Affected versions >= 7.0.0

https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
Comment 2 TEJ RATHI 2023-07-11 15:01:24 UTC 
Created redis tracking bugs for this issue:

Affects: fedora-all [bug 2222026]