Bug 1203638 - (CVE-2022-35951) VUL-0: CVE-2022-35951: redis: Fix heap overflow vulnerability in XAUTOCLAIM
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Security
Version: Current
Hardware: Other openSUSE Tumbleweed
Priority: P3 - Medium, Severity: Normal
Assigned To: Danilo Spinella
QA Contact: Security Team bot
Reported: 2022-09-21 20:59 UTC by Andreas Stieger
Modified: 2022-09-22 08:03 UTC

Description Andreas Stieger 2022-09-21 20:59:15 UTC
In Redis before 7.0.5, executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution.

Affects Redis 7.0.0 or newer, fixed in 7.0.5.

References:
https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a
Comment 1 Andreas Stieger 2022-09-21 21:01:29 UTC
https://build.opensuse.org/request/show/1005286
Danilo, recommend you add Michael as a maintainer
Comment 2 Michael Ströder 2022-09-21 21:04:28 UTC
(In reply to Andreas Stieger from comment #1)
> Danilo, recommend you add Michael as a maintainer

Nope. I don't want that.
Comment 3 Thomas Leroy 2022-09-22 07:59:18 UTC
Thanks for the report Andreas.
The integer overflow was introduced in 7.0-rc2, therefore none of the SUSE codestreams are affected.
Comment 4 Andreas Stieger 2022-09-22 08:03:36 UTC
done https://build.opensuse.org/request/show/1005332
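
A fleet triage check built on the version range given in the description (affected from 7.0.0, fixed in 7.0.5), added here as an example; it is not part of the bug report or of Redis. It reads the `redis_version` field from `INFO server` output. The host names and INFO snippets are constructed, and pre-release 7.0 builds (comment 3 traces the overflow to 7.0-rc2) fall outside the range it tests and need manual review.

```python
import re

# Range from the bug description: affects 7.0.0 or newer, fixed in 7.0.5.
FIRST_AFFECTED = (7, 0, 0)
FIRST_FIXED = (7, 0, 5)

# INFO replies use CRLF line endings, so tolerate a trailing \r.
_VERSION_LINE = re.compile(r"^redis_version:(\d+)\.(\d+)\.(\d+)\r?$", re.MULTILINE)


def parse_redis_version(info_text):
    """Return (major, minor, patch) from INFO output, or None if not found."""
    match = _VERSION_LINE.search(info_text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(info_text):
    """Classify one server against the CVE-2022-35951 release range."""
    version = parse_redis_version(info_text)
    if version is None:
        # Field missing or not in x.y.z form: do not guess, flag for review.
        return "unknown"
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not affected"


def triage(fleet):
    """Map each host name to its classification."""
    return {host: classify(info) for host, info in fleet.items()}


# Constructed sample data: host names and INFO excerpts are made up.
SAMPLE_FLEET = {
    "cache-a": "# Server\r\nredis_version:7.0.4\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:7.0.5\r\nredis_mode:standalone\r\n",
    "cache-c": "# Server\r\nredis_version:6.2.7\r\nredis_mode:standalone\r\n",
    "cache-d": "# Server\r\nredis_mode:standalone\r\n",  # version field absent
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_FLEET).items()):
        print(f"{host}: {status}")
```
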