Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-36824

Опубликовано: 11 июл. 2023
Источник: nvd
CVSS3: 7.4
CVSS3: 8.8
EPSS Критический

Описание

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted COMMAND GETKEYS or COMMAND GETKEYSANDFLAGSand authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Версия от 7.0.0 (включая) до 7.0.12 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.91313
Критический

7.4 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-122
CWE-787

Связанные уязвимости

ubuntu логотип

CVE-2023-36824

CVSS3: 7.4
ubuntu
почти 2 года назад

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

redhat логотип

CVE-2023-36824

CVSS3: 8.8
redhat
почти 2 года назад

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

debian логотип

CVE-2023-36824

CVSS3: 7.4
debian
почти 2 года назад

Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...

fstec логотип

BDU:2023-04264

CVSS3: 8.8
fstec
почти 2 года назад

Уязвимость системы управления базами данных (СУБД) Redis, cвязанная с переполнением буфера, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20230825-04

CVSS3: 8.8
redos
почти 2 года назад

Уязвимость Redis

EPSS

Процентиль: 100%
0.91313
Критический

7.4 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-122
CWE-787