Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unpatched Redis Sources (CVE-2022-33105) #3830

Closed
Garnik645 opened this issue Sep 30, 2024 · 2 comments · Fixed by #4239
Closed

Unpatched Redis Sources (CVE-2022-33105) #3830

Garnik645 opened this issue Sep 30, 2024 · 2 comments · Fixed by #4239
Assignees
@romange
Labels
API-7 Redis API 7 bug Something isn't working important higher priority than the usual ongoing development tasks STREAMS Streams API

Comments

@Garnik645
Copy link

The master branch of the dragonfly project contains unpatched sources from redis, in which CVE-2022-33105 was reported with high severity. The function streamGetEdgeID from dragonfly/src/redis/t_stream.c does not include patches and updates available in newer versions of redis, which can cause a memory leak. The fix for CVE can be found in this commit: redis commit.

To ensure that all patches are applied, I recommend updating the redis files in the dragonfly project to the latest version.

My report was primarily based on a static analysis tool developed at CAST, which flagged the potential vulnerability due to similarities in the codebase.
@Garnik645 Garnik645 added the bug Something isn't working label Sep 30, 2024
@romange romange added the important higher priority than the usual ongoing development tasks label Sep 30, 2024
@romange
Copy link
Collaborator

romange commented Sep 30, 2024

Thanks for reporting this, we will sync t_stream with Valkey OSS.

@romange
Copy link
Collaborator

romange commented Nov 20, 2024

@adiholden we should schedule this task at some point

@romange romange added API-7 Redis API 7 STREAMS Streams API labels Nov 26, 2024
@romange romange assigned romange and unassigned adiholden Dec 2, 2024
romange added a commit that referenced this issue Dec 2, 2024
@romange
fix: bugs in stream code
7713240 
1. Memory leak in streamGetEdgeID
2. Addresses CVE-2022-31144
3. Fixes XAUTOCLAIM bugs and adds tests.
4. Limits the count argument in XAUTOCLAIM command to 2^18 (CVE-2022-35951)

Also fixes #3830

Signed-off-by: Roman Gershman <[email protected]>
@romange romange mentioned this issue Dec 2, 2024
Merged
@romange romange closed this as completed in dcee9a9 Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romange romange

Labels
API-7 Redis API 7 bug Something isn't working important higher priority than the usual ongoing development tasks STREAMS Streams API
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: bugs in stream code dragonflydb/dragonfly
3 participants
@romange @Garnik645 @adiholden