Valkey Integer Underflow Vulnerability in Networking Component Allowing for Potential Memory Issues
Vulnerability
A vulnerability exists in the Valkey application, specifically in the networking component, in versions through 8.1.1. The issue is an integer underflow that occurs when calculating the difference between 'prev->size' and 'prev->used'. This flaw could lead to unexpected behavior or memory-related issues.
Impact
Exploitation of this vulnerability causes an integer underflow, which can lead to memory corruption or other unintended behaviors in the application.
Reproduction
The vulnerability can be reproduced by manipulating the 'prev' node in a linked list such that 'prev->used' is greater than 'prev->size'. This can be done by creating a list node with a size that is smaller than the used value, which will trigger the underflow when the deferred reply function processes the node.
Remediation
Users can update to Valkey version 8.1.2 or later, where this vulnerability has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.