CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36824

Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.908

EPSS Ranking 99.6%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2023-36824

Redis » Redis » Version: 7.0.0

cpe:2.3:a:redis:redis:7.0.0
Redis » Redis » Version: 7.0.1

cpe:2.3:a:redis:redis:7.0.1
Redis » Redis » Version: 7.0.10

cpe:2.3:a:redis:redis:7.0.10
Redis » Redis » Version: 7.0.11

cpe:2.3:a:redis:redis:7.0.11
Redis » Redis » Version: 7.0.2

cpe:2.3:a:redis:redis:7.0.2
Redis » Redis » Version: 7.0.3

cpe:2.3:a:redis:redis:7.0.3
Redis » Redis » Version: 7.0.4

cpe:2.3:a:redis:redis:7.0.4
Redis » Redis » Version: 7.0.5

cpe:2.3:a:redis:redis:7.0.5
Redis » Redis » Version: 7.0.6

cpe:2.3:a:redis:redis:7.0.6
Redis » Redis » Version: 7.0.7

cpe:2.3:a:redis:redis:7.0.7
Redis » Redis » Version: 7.0.8

cpe:2.3:a:redis:redis:7.0.8
Redis » Redis » Version: 7.0.9

cpe:2.3:a:redis:redis:7.0.9
Fedoraproject » Fedora » Version: 37

cpe:2.3:o:fedoraproject:fedora:37
Fedoraproject » Fedora » Version: 38

cpe:2.3:o:fedoraproject:fedora:38

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36824

Products

Pricing

Contact Us