
=====================================================================

                               CERT-Renater

                    Note d'Information No. 2022/VULN345

_____________________________________________________________________

DATE                : 23/09/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Redis versions 7.0.x prior
                                      to 7.0.5.

=====================================================================
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
_____________________________________________________________________

Heap overflow in Redis 7.0 XAUTOCLAIM command's COUNT argument.
High  |  yossigo published GHSA-5gc4-76rx-22c9

Package
Redis (N/A)

Affected versions
  >= 7.0.0

Patched versions
7.0.5


Description
Impact
Executing an XAUTOCLAIM command on a stream key in a specific state,
with a specially crafted COUNT argument, may cause an integer overflow,
a subsequent heap overflow, and potentially lead to remote code
execution. The problem affects Redis versions 7.0.0 or newer.


Patches
The problem is fixed in Redis version 7.0.5.
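A quick way to triage an instance against the version range above is to read
redis_version from the reply to the INFO command. The following is an added
example written for this note; it is not code from the advisory or from the
Redis project. The affected range (>= 7.0.0 and < 7.0.5) is taken from the
advisory; the INFO reply embedded below is a constructed sample, and the
function and constant names are assumptions of this example.

```python
"""
Added example (not part of the CERT-Renater advisory or the Redis project):
decide whether a Redis instance falls in the range affected by CVE-2022-35951
from the text of an INFO reply. Version bounds come from the advisory.
"""
import re
from typing import Optional, Tuple

# Constructed sample: the first lines of an "INFO server" reply.
SAMPLE_INFO = """# Server
redis_version:7.0.4
redis_git_sha1:00000000
redis_mode:standalone
os:Linux 5.15.0 x86_64
"""

AFFECTED_MIN = (7, 0, 0)   # first affected release, per the advisory
PATCHED = (7, 0, 5)        # first fixed release, per the advisory


def parse_redis_version(info_text: str) -> Optional[Tuple[int, ...]]:
    """Extract redis_version from INFO output as a tuple of ints.

    Returns None when the field is missing or is not a plain x.y.z
    release (for example a pre-release suffix), so the caller reports
    'unknown' instead of guessing.
    """
    for line in info_text.splitlines():
        if line.startswith("redis_version:"):
            value = line.split(":", 1)[1].strip()
            m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", value)
            if m:
                return tuple(int(x) for x in m.groups())
            return None
    return None


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when AFFECTED_MIN <= version < PATCHED (tuple comparison)."""
    return AFFECTED_MIN <= version < PATCHED


def assess(info_text: str) -> str:
    """Human-readable verdict for one INFO reply."""
    version = parse_redis_version(info_text)
    if version is None:
        return "unknown: redis_version not found or not a plain x.y.z release"
    label = "AFFECTED" if is_affected(version) else "not affected"
    dotted = ".".join(map(str, version))
    fixed = ".".join(map(str, PATCHED))
    return f"{dotted}: {label} (fixed in {fixed})"


if __name__ == "__main__":
    print(assess(SAMPLE_INFO))
```

In practice the INFO text would come from `redis-cli INFO server` run against
each instance; the parser deliberately refuses non-x.y.z strings rather than
silently classifying a build it cannot interpret.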


Credits
This problem was identified by Xion (SeungHyun Lee) of KAIST GoN.



For more information
If you have any questions or comments about this advisory:

Open an issue in the Redis repository
Email us at redis@redis.io


Severity
High

7.0 / 10

CVSS base metrics

Attack vector
Local

Attack complexity
High

Privileges required
Low

User interaction
None

Scope
Unchanged

Confidentiality
High

Integrity
High

Availability
High

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID
CVE-2022-35951

Weaknesses
CWE-680


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email: cert@support.renater.fr +
=========================================================

