CVE CyberSecurity Database News

CVE-2022-3734 - Unofficial Redis Fork Vulnerability in Search Path on Windows

Poster -

A newly discovered vulnerability, dubbed CVE-2022-3734, has been found in an unofficial port or fork of the popular Redis key-value store. Although the existence of this vulnerability is currently disputed, it has been reported as a critical issue that could potentially lead to unauthorized access and potential data manipulation. This post aims to provide an exclusive insight into the key aspects of this vulnerability, including a code snippet, links to original references, and details about a possible exploit.

Type: Improper Search Path handling

Impact: The vulnerability affects the dbghelp.dll library at C:/Program Files/Redis/dbghelp.dll. If successfully exploited, it could lead to unauthorized access and potential manipulation of data stored in the Redis database.

Vector: The vulnerability can reportedly be exploited remotely, making it a significant risk factor for Redis servers running on the affected fork on Windows.

Exploit Status: A potential exploit has been made public, which could be readily used by attackers if the unofficial Redis fork is indeed vulnerable.

Affected Forks: As of now, only a specific port or fork of Redis running on Windows is believed to be affected by this vulnerability. The official Redis release for Linux is not affected.

Dispute Status: The real existence of this vulnerability has not yet been confirmed, and its impact might be lower than initially suspected.

Vulnerability Database Identifier: VDB-212416.

Code Snippet

Below is an example of how this vulnerability might be triggered by incorrect handling of the search path in the affected Redis fork on Windows:

// Sample code snippet demonstrating a potential vulnerability
#include <windows.h>

void LoadLibraryVulnerable() {
    HMODULE hMod = LoadLibrary(L"dbghelp.dll");
    
    if (hMod) {
        // Use the library
        FreeLibrary(hMod);
    }
}

This code snippet illustrates a possible way in which the Redis fork on Windows may inadvertently load a malicious version of dbghelp.dll from an untrusted source, potentially leading to unauthorized access and modification of data.

Original References and Further Reading

- Redis official website: https://redis.io/
- Redis on GitHub: https://github.com/redis/redis
- Windows DLL search path documentation: https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order
- Vulnerability database entry (VDB-212416) https://example-vdb.com/vdb-212416

Exploit Details

As mentioned earlier, an exploit for this vulnerability has been made public. However, due to the disputed nature of CVE-2022-3734, it is essential to clarify that the official Redis release is not affected. This issue is allegedly present only in a specific unofficial fork or port on Windows.

To sum it up, while the potential impact of CVE-2022-3734 is quite significant, there is still doubt surrounding the very existence of this vulnerability in Redis. Therefore, it is crucial to stay informed and follow updates to validate the risks posed by CVE-2022-3734 and take appropriate measures if necessary.

Timeline

Published on: 10/28/2022 08:15:00 UTC
Last modified on: 11/29/2022 10:15:00 UTC