CVE-2024-31227 - Redis Server Panic and Denial of Service in ACL Selector

CVE-2024-31227 is a denial-of-service vulnerability in Redis, an open-source, in-memory database that persists on disk. An authenticated user with sufficient privileges can create a malformed ACL selector which, when accessed, triggers a server panic: the Redis process aborts, and every client that depends on it loses service until it is restarted. The issue exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade to a fixed version; there are no known workarounds for this issue. This post covers the technical background of the vulnerability, how it is triggered, and its impact.

Vulnerability Description

The vulnerability lies in the Access Control List (ACL) selector functionality of Redis. Selectors, introduced with Redis 7.0, let a single user carry several independent permission sets; each one is written in parentheses after the user's base rules and is evaluated on its own when a command is authorized. An authenticated user with sufficient privileges (the ACL SETUSER command belongs to the @admin, @slow and @dangerous categories, so any user granted those, or +@all, qualifies) can create a malformed selector that, when accessed, triggers a server panic. The root cause is missing input validation on the selector: a rule set that should have been rejected is accepted and later reaches code that assumes it is well formed.

Technical Details

To understand where the problem sits, it helps to know how the Redis codebase handles selectors. Selector rules are parsed and applied in src/acl.c; in Redis 7 the entry points are ACLSetUser(), which walks the rule tokens of an ACL SETUSER call, and ACLSetSelector(), which applies each rule to an individual selector. The snippet below is a simplified sketch of a loader routine of that kind, not a verbatim copy of the Redis source:

/* Sketch only: a routine that takes a raw selector string and applies it
 * to the existing ACL state without first rejecting malformed input. */
void ACLLoadSelector(const sds selector) {
    listIter *rel = listGetIterator(ACLs, AL_START_TAIL);
    listNode *node;
...
}

A loader of this shape is responsible for parsing a selector and applying it. Because it does not validate the input before acting on it, a malformed selector is stored and, when it is later accessed, drives the server into a state it cannot handle, which ends in a panic. The advisory does not publish the exact malformed form, and this post does not reproduce it.

Exploitation

An attacker who can run ACL SETUSER creates a new user, or modifies an existing one, with a selector whose rules are malformed. Selectors are attached with the parenthesised rule syntax of ACL SETUSER; there is no acl-selector directive for CONFIG SET. In outline:

ACL SETUSER <username> on (<malformed selector rules>)

When the malformed selector is subsequently accessed, the server panics and exits. Every client of that instance loses service, which is the denial of service described in the advisory. Because the trigger requires an authenticated user with ACL-editing privileges, the practical exposure is governed by who holds those privileges.

Impact

The potential impacts of this vulnerability are significant, as Redis is widely used across various industries for its high-performance, in-memory data storage capabilities. A successful exploitation causes the Redis process to panic and exit, so every application that depends on the instance loses service until it is restarted, and an attacker who retains the same privileges can repeat the trigger after each restart.

Remediation

The Redis team has released fixes for this vulnerability in versions 7.2.6 and 7.4.1. Users are strongly encouraged to upgrade their Redis installations to these or later releases. The fixed releases are:

- Redis 7.2.6
- Redis 7.4.1
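As an added triage example (not code from the Redis project or from this post's original author), the following Python script takes captured text from `redis-cli INFO server` and `redis-cli ACL LIST` and reports whether a host is in the affected version range and which enabled users could run ACL SETUSER, that is, who could plant a malformed selector. The sample output is constructed, and the ACL evaluation is a deliberate simplification of Redis's rule semantics (rules are applied left to right, but nested selectors and finer-grained command rules are ignored).

```python
# Added triage example for CVE-2024-31227. Not code from the Redis project
# or from the original post; the sample output below is constructed.
import re

# Version thresholds from the advisory: Redis 7 before 7.2.6 and before 7.4.1.
FIX_72 = (7, 2, 6)
FIX_74 = (7, 4, 1)

# Command categories that contain ACL SETUSER, plus the command itself.
# A rule adding any of these lets the user define selectors.
ACL_GRANTS = {"@all", "@admin", "@slow", "@dangerous", "acl", "acl|setuser"}


def parse_version(info_text):
    """Return redis_version from INFO server output as a (major, minor, patch) tuple."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when the version is in an unfixed Redis 7 release train.

    7.0.x and 7.2.x below 7.2.6 are affected, as are 7.3.x and 7.4.0 (the
    7.4 train before 7.4.1). Other major versions are outside the advisory.
    """
    major, minor, _patch = version
    if major != 7:
        return False
    return version < FIX_72 if minor <= 2 else version < FIX_74


def can_set_acl(rule_line):
    """Approximate check: does this ACL LIST line describe an enabled user
    that can run ACL SETUSER? Rules are applied left to right as Redis does;
    nested selectors in parentheses are ignored (simplification)."""
    tokens = rule_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError("not an ACL LIST line: %r" % rule_line)
    enabled = False
    allowed = False
    for tok in tokens[2:]:  # skip "user" and the user name
        if tok == "on":
            enabled = True
        elif tok == "off":
            enabled = False
        elif tok == "allcommands" or (tok[:1] == "+" and tok[1:] in ACL_GRANTS):
            allowed = True
        elif tok == "nocommands" or (tok[:1] == "-" and tok[1:] in ACL_GRANTS):
            allowed = False
    return enabled and allowed


def users_who_can_set_acl(acl_list_text):
    """Names of users in ACL LIST output that pass can_set_acl()."""
    return [line.split()[1] for line in acl_list_text.splitlines()
            if line.startswith("user ") and can_set_acl(line)]


def triage(info_text, acl_list_text):
    """Combine the version check with the list of ACL-capable users."""
    version = parse_version(info_text)
    return {
        "version": version,
        "affected": is_affected(version),
        "acl_capable_users": users_who_can_set_acl(acl_list_text),
    }


# Constructed sample output, not captured from a real host.
SAMPLE_INFO = "# Server\nredis_version:7.2.5\nredis_mode:standalone\n"
SAMPLE_ACL_LIST = "\n".join([
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #0123456789abcdef ~app:* resetchannels -@all +@read +@write",
    "user ops on #fedcba9876543210 ~* &* +@all -@dangerous",
    "user auditor off #1111111111111111 ~* &* +@all",
])

if __name__ == "__main__":
    result = triage(SAMPLE_INFO, SAMPLE_ACL_LIST)
    print("redis_version:", ".".join(str(n) for n in result["version"]))
    print("affected by CVE-2024-31227:", result["affected"])
    print("enabled users able to run ACL SETUSER:", result["acl_capable_users"])
```

On the constructed sample the host reports 7.2.5, which is affected, and only the default user can define selectors: app has no admin categories, ops lost ACL SETUSER with -@dangerous, and auditor is disabled. Run it against real output by piping `redis-cli INFO server` and `redis-cli ACL LIST` into files and feeding them to triage().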

While upgrading is the only fix, the trigger requires an authenticated user who can edit ACLs, so the usual Redis hardening limits who is in a position to exploit it:

- Grant ACL SETUSER (the @admin and @dangerous categories) only to administrative users; application users should get the narrowest command set they need.
- Require authentication for every user and keep the default user disabled or password-protected.
- Do not expose Redis to untrusted networks; keep protected-mode enabled and bind to trusted interfaces only.
- Alert on unexpected Redis process exits and restarts, since a panic from this issue shows up as an abrupt crash.

Conclusion

CVE-2024-31227 is a vulnerability in Redis that leads to a server panic and denial of service when a malformed ACL selector is accessed. Users of Redis 7 prior to versions 7.2.6 and 7.4.1 should upgrade promptly, as there is no workaround. Organizations that run Redis should also review which users hold ACL-editing privileges, since those are the accounts that can trigger the issue.

Timeline

Published on: 10/07/2024 20:15:05 UTC
Last modified on: 10/10/2024 12:57:21 UTC