SB2024080708 - Gentoo update for Redis

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024080708

SB2024080708 - Gentoo update for Redis

Published: August 7, 2024

Security Bulletin ID SB2024080708
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 9% Medium 55% Low 36%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2022-24834)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the cjson and cmsgpack libraries. A remote attacker can trick the victim into using a specially crafted Lua script to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Integer overflow (CVE-ID: CVE-2022-35977)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in SETRANGE and SORT/SORT_RO commands. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and perform a denial of service (DoS) attack.


3) Resource exhaustion (CVE-ID: CVE-2022-36021)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when matching commands (like SCAN or KEYS) with a specially crafted pattern. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.


4) Integer overflow (CVE-ID: CVE-2023-22458)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in HRANDFIELD and ZRANDMEMBER commands. A remote attacker can pass specially crafted input to the application, trigger an integer overflow and perform a denial of service (DoS) attack.


5) Integer overflow (CVE-ID: CVE-2023-25155)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the "SRANDMEMBER", "ZRANDMEMBER" and "HRANDFIELD" commands. A local user can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.


6) Reachable Assertion (CVE-ID: CVE-2023-28425)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling the MSETNX command. A remote attacker can send a specially crafted MSETNX command and perform a denial of service (DoS) attack.


7) Input validation error (CVE-ID: CVE-2023-28856)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access.


8) Heap-based buffer overflow (CVE-ID: CVE-2023-36824)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when extracting key names from a command and a list of arguments. A local user can execute the "COMMAND GETKEYS" or "COMMAND GETKEYSANDFLAGS" commands or execute a specially crafted command that refers to a variadic list of key names along with ACL rules that match key names to trigger a heap-based buffer overflow and execute arbitrary code on the target system.


9) Improper access control (CVE-ID: CVE-2023-41053)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to Redis does not correctly identify keys accessed by SORT_RO. This may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration.


10) Heap-based buffer overflow (CVE-ID: CVE-2023-41056)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when resizing memory buffers. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


11) Race condition (CVE-ID: CVE-2023-45145)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between listen(2) and chmod(2) calls on startup. A local user can exploit the race and escalate privileges on the system.


Remediation

Install update from vendor's website.

References