Bug 1213249 (CVE-2023-36824)

Summary: VUL-0: CVE-2023-36824: redis: redis: heap overflow in COMMAND GETKEYS and ACL evaluation
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Leroy <thomas.leroy>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: cathy.hu, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/371898/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-36824:7.4:(AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Leroy 2023-07-12 13:04:01 UTC 
CVE-2023-36824

CVE-2023-36824 - Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules.

Affected versions >= 7.0.0

https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3

Upstream fix:
https://github.com/redis/redis/commit/bd1dac0c6e9b76d0e6439bc74ee83552edcd0d79

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36824
https://bugzilla.redhat.com/show_bug.cgi?id=2221664
https://www.cve.org/CVERecord?id=CVE-2023-36824
https://github.com/redis/redis/releases/tag/7.0.12
https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3
Comment 1 Thomas Leroy 2023-07-12 13:04:54 UTC 
Affected:
- SUSE:ALP:Source:Standard:1.0
- openSUSE:Factory
Comment 3 Maintenance Automation 2023-07-20 20:40:08 UTC 
SUSE-SU-2023:2925-1: An update that solves six vulnerabilities can now be installed.

Category: security (important)
Bug References: 1208790, 1208793, 1209528, 1210548, 1213193, 1213249
CVE References: CVE-2022-24834, CVE-2022-36021, CVE-2023-25155, CVE-2023-28425, CVE-2023-28856, CVE-2023-36824
Sources used:
openSUSE Leap 15.5 (src): redis7-7.0.8-150500.3.3.1
Server Applications Module 15-SP5 (src): redis7-7.0.8-150500.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Gabriele Sonnu 2024-06-10 12:25:59 UTC 
All done, closing.