Vulnerability Details : CVE-2023-36824
Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios may lead to this: authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`, and authenticated users who were set with ACL rules that match key names executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.
Vulnerability category: Execute code
Products affected by CVE-2023-36824
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
- cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Threat overview for CVE-2023-36824
- Top open port discovered on systems with this issue: 6379
- IPs affected by CVE-2023-36824: 9,860
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2023-36824
- EPSS score: 91.31% (probability of exploitation activity in the next 30 days)
- Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-36824
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
7.4 | HIGH | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | 1.4 | 5.9 | GitHub, Inc. | |
CWE ids for CVE-2023-36824
- A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Assigned by: security-advisories@github.com (Secondary)
- The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. Assigned by: security-advisories@github.com (Secondary)
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-36824
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/
  [SECURITY] Fedora 38 Update: redis-7.0.12-1.fc38 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/redis/redis/releases/tag/7.0.12
  Release 7.0.12 · redis/redis · GitHub (Release Notes)
- https://security.netapp.com/advisory/ntap-20230814-0009/
  CVE-2023-36824 Redis Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/
  [SECURITY] Fedora 37 Update: redis-7.0.12-1.fc37 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
  Heap overflow in COMMAND GETKEYS and ACL evaluation · Advisory · redis/redis · GitHub (Vendor Advisory)