Bug 1592892 (CVE-2018-12453) - CVE-2018-12453 redis: type confusion in the xgroupCommand function in t_stream.c
Summary: CVE-2018-12453 redis: type confusion in the xgroupCommand function in t_stream.c
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-12453
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1592893 1592894 1592895
Blocks: 1592896
TreeView+ depends on / blocked
 
Reported: 2018-06-19 14:33 UTC by Laura Pardo
Modified: 2020-10-09 07:43 UTC (History)
34 users (show)

Fixed In Version: redis 5.0-rc3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-06-20 08:38:45 UTC
Embargoed:

Attachments (Terms of Use)

Description Laura Pardo 2018-06-19 14:33:25 UTC 
A flaw was found in Redis before 5.0. A type confusion in the xgroupCommand function in t_stream.c in redis-server allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.


References:
https://gist.github.com/fakhrizulkifli/34a56d575030682f6c564553c53b82b5 	
https://github.com/antirez/redis/commit/c04082cf138f1f51cedf05ee9ad36fb6763cafc6
Comment 1 Laura Pardo 2018-06-19 14:34:06 UTC 
Created redis tracking bugs for this issue:

Affects: epel-all [bug 1592893]
Affects: fedora-all [bug 1592895]
Comment 3 Summer Long 2018-06-20 03:08:54 UTC 
The Streams implementation was first committed in 5.0-rc1: https://github.com/antirez/redis/tree/5.0-rc1/src
This fix is for 5.0-rc3. The flawed code is not in earlier versions; openstack uses at the latest, redis-3.2.8-2.el7ost
Setting all openstack to notaffected.
Comment 4 Nathan Scott 2018-06-20 08:38:45 UTC 
This code (t_stream.c) is part of the not-yet-released-upstream redis-5 series - its still in beta upstream, is not released, and is not in any Red Hat product.
Note You need to log in before you can comment on or make changes to this bug.