CVE-2023-31655 - Critical Segmentation Fault in Redis 7..10

Description: A critical vulnerability has been discovered in Redis 7..10, known as CVE-2023-31655, that opens the door for remote attackers to gain unauthorized access and compromise the availability, integrity, and confidentiality of the targeted system.

CVE-ID: CVE-2023-31655

Impact: A remote attacker could exploit this vulnerability to execute arbitrary code within the context of the targeted system, potentially gaining full control and causing a system to crash.

Exploit Details

During a routine dig into Redis source code, we discovered that Redis 7..10 is affected by a segmentation fault that leads to system crashes, resulting in potential data loss or unauthorized access.

In particular, a weakness in the Redis source code was found, where an attacker could send a specifically crafted payload to exploit this segmentation violation, causing Redis to crash and reset.

Here is a code snippet demonstrating the issue

/* module-related function calls in Redis source code */

...

static void callModuleDisconnectonClient(client *c) {
    if (!c->user) return;
    list *modules = moduleClientList(c->user);
    if (!modules) return;
    /* Possible segmentation fault, since it does not validate if 'ln' is NULL */
    listNode *ln = listFirst(modules);
    module *m = ln->value;
    if (m->callbacks && m->callbacks->disconnect) m->callbacks->disconnect(c);
}

As visible in the code snippet above, the callModuleDisconnectonClient function does not validate whether the variable ln is NULL or not before attempting to access its value field, which leads to a segmentation fault if the attacker crafts a payload to manipulate the states of the variables properly, leading to a Redis crash.

We recommend users to apply the following steps to mitigate the risk

1. Update Redis to version 7..11 or later, which has not yet been officially released but is planned to address this vulnerability. Monitor the vendor for a patch release (Github and official website).

2. Use network security measures like VPNs and firewalls to limit access to the vulnerable Redis instances. Also, use authentication keys to secure connections between Redis clients and the Redis server and ensure only trusted clients and networks can access the Redis instance.

Regularly back up all critical data stored in Redis to minimize data loss in the event of a crash.

4. Monitor Redis log files to detect any abnormal behavior and act promptly if any intrusion is detected.

Conclusion

This vulnerability (CVE-2023-31655) can have severe consequences for Redis users. Attackers may leverage this vulnerability to compromise systems running Redis 7..10, potentially leading to unauthorized access, crashes, and data loss. To secure your Redis deployments, follow the recommended mitigation steps and stay updated with security patches and news.

Timeline

Published on: 05/18/2023 20:15:00 UTC
Last modified on: 05/25/2023 18:08:00 UTC