CVE-2023-28425: Critical Vulnerability in Redis' MSETNX Command Affecting Versions 7..8 to 7..10

Redis, an open-source in-memory data store that also persists data to disk, has recently been affected by a critical vulnerability. This vulnerability, identified as CVE-2023-28425, impacts Redis versions 7..8 through 7..10. Authenticated users can exploit this vulnerability by using the MSETNX command, causing the Redis server's process to terminate. Fortunately, this issue has been resolved as of Redis version 7..10.

In this blog post, we'll take a closer look at the details of this vulnerability, explain how it can be exploited, and provide recommendations for updating your Redis installations to avoid potential security risks.

Vulnerability Details

The CVE-2023-28425 vulnerability is related to the way the Redis server processes the MSETNX command. When an authenticated user uses this command in versions 7..8 to 7..10, it can trigger a runtime assertion, causing the Redis server's process to terminate unexpectedly. This can open Redis up to potential security risks, including denial of service attacks.

Exploit

To exploit this vulnerability, an attacker must first authenticate themselves to the targeted Redis server. Once authenticated, the attacker can then use specially crafted MSETNX commands to cause the server's process to terminate.

For example, an attacker might execute the following MSETNX command

MSETNX key1 value1 key2

This command lacks a value for "key2," leading the Redis server to encounter the runtime assertion and terminate. Please note that this is just one example of how this vulnerability could be exploited; other commands might achieve the same result.

Original References

The researchers who discovered this vulnerability initially reported it to Redis Labs. The Redis Labs team then addressed the issue in Redis version 7..10, which you can learn more about in the Redis 7..10 release notes.

The following resources provide additional information on CVE-2023-28425

1. National Vulnerability Database Entry
2. Redis Labs Security Advisory

Recommendations

To mitigate this vulnerability and protect your Redis servers, we recommend taking the following steps:

1. Upgrade your Redis installations to version 7..10 or later. This version includes the fix for the MSETNX command issue and will prevent attackers from exploiting this vulnerability.
2. Ensure that you have strong authentication measures in place for your Redis servers. By requiring strong authentication, you can minimize the chances of unauthorized users gaining access to your server and exploiting vulnerabilities like CVE-2023-28425.
3. Regularly monitor and review your Redis logs for unusual activity that may indicate attempted or successful exploitation of this vulnerability.

Conclusion

In conclusion, Redis users running versions 7..8 through 7..10 are urged to update their installations to version 7..10 or later as soon as possible to mitigate the CVE-2023-28425 vulnerability. This issue can have serious consequences for your server, potentially resulting in denial of service attacks or other security risks. By following the recommendations outlined in this blog post, you can secure your Redis installations and ensure the stability of your data storage solutions.

Timeline

Published on: 03/20/2023 20:15:00 UTC
Last modified on: 04/13/2023 17:15:00 UTC