Redis Memory Consumption Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Redis versions through 7.4.3. The issue arises when an authenticated user sends a multi-bulk command composed of many bulks. The Redis server allocates memory for each bulk's command arguments, even if the command is not executed due to insufficient permissions. This behavior can be exploited to exhaust the server's memory, causing an out-of-memory crash.

Impact

Exploitation of this vulnerability results in a full denial of service: the Redis server exhausts its memory and crashes.

Reproduction

To reproduce this vulnerability, an authenticated Redis user sends a multi-bulk command containing a large number of bulks, each crafted to consume a significant amount of memory. The server allocates memory for every bulk's command arguments, even when the command is later rejected for insufficient permissions, and eventually runs out of memory. The command can be sent with the Redis command line interface or a Redis client library.
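For defenders triaging their fleet, the following added example (not part of this advisory) parses the text returned by Redis's INFO server command and reports whether the reported redis_version falls in the affected range (through 7.4.3). The INFO sample embedded below is constructed; with a live instance you would feed in the raw string from redis-cli or a client library instead.

```python
# Added example (not from the advisory): flag Redis instances whose version
# is within the affected range (<= 7.4.3) by parsing "INFO server" output.
import re

AFFECTED_MAX = (7, 4, 3)  # highest affected version stated in the advisory

# Constructed sample of "INFO server" output (CRLF-separated key:value lines)
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_version:7.4.2\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 6.1.0 x86_64\r\n"
    "tcp_port:6379\r\n"
)


def parse_info(text: str) -> dict:
    """Parse INFO output into a dict, skipping '#' section headers and blanks."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key] = value
    return fields


def parse_version(version: str) -> tuple:
    """Turn '7.4.3' (or a suffixed form like '7.4.3-rc1') into an int tuple."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised redis_version: {version!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_affected(version: str) -> bool:
    """True when the version is within the affected range (<= 7.4.3)."""
    return parse_version(version) <= AFFECTED_MAX


def check_instance(info_text: str) -> dict:
    """Summarise one instance: version seen and whether it needs attention."""
    info = parse_info(info_text)
    version = info.get("redis_version", "")
    affected = is_affected(version) if version else None
    return {"version": version, "affected": affected}


if __name__ == "__main__":
    print(check_instance(SAMPLE_INFO))
```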

Added: Jul 23, 2025, 7:20 PM
Updated: Jul 23, 2025, 8:24 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.