Bug 1203638 (CVE-2022-35951)

Summary: VUL-0: CVE-2022-35951: redis: Fix heap overflow vulnerability in XAUTOCLAIM
Product: [openSUSE] openSUSE Tumbleweed
Reporter: Andreas Stieger <Andreas.Stieger>
Component: Security
Assignee: Danilo Spinella <danilo.spinella>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: danilo.spinella, michael, thomas.leroy
Version: Current
Target Milestone: ---
Hardware: Other
OS: openSUSE Tumbleweed
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Stieger 2022-09-21 20:59:15 UTC
In Redis before 7.0.5, executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution.

Affects Redis 7.0.0 or newer, fixed in 7.0.5.

References:
https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a
Comment 1 Andreas Stieger 2022-09-21 21:01:29 UTC
https://build.opensuse.org/request/show/1005286
Danilo, recommend you add Michael as a maintainer
Comment 2 Michael Ströder 2022-09-21 21:04:28 UTC
(In reply to Andreas Stieger from comment #1)
> Danilo, recommend you add Michael as a maintainer

Nope. I don't want that.
Comment 3 Thomas Leroy 2022-09-22 07:59:18 UTC
Thanks for the report Andreas.
The integer overflow was introduced in 7.0-rc2, therefore none of the SUSE codestreams are affected.
Comment 4 Andreas Stieger 2022-09-22 08:03:36 UTC
done https://build.opensuse.org/request/show/1005332