Redis Stack Buffer Overflow Vulnerability in XACKDEL Command Potentially Leading to Remote Code Execution

Vulnerability

A stack buffer overflow vulnerability has been identified in Redis 8.2.0 and later releases prior to 8.2.3. The issue arises when the XACKDEL command is executed with more IDs than the fixed-size, stack-allocated array (static vector) used to hold them can contain. This missing bounds check leads to a stack buffer overflow, with the potential for remote code execution. The vulnerability was introduced in a previous update and has been fixed in version 8.2.3.

Impact

Triggering this vulnerability causes a stack buffer overflow, which may be exploited to execute arbitrary code remotely on the server.

Reproduction

The vulnerability can be reproduced by sending an XACKDEL command with more than eight IDs, which exceeds the capacity of the static vector used by the command. This can be done with the Redis command-line interface (redis-cli) or with any Redis client that allows custom commands to be sent.

Remediation

Users should upgrade to Redis version 8.2.3 or later, where this vulnerability has been fixed. Where an upgrade is not immediately possible, the XACKDEL command can be denied to users through Access Control Lists (ACLs) so that it cannot be invoked.
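The two checks a defender wants after reading this advisory are an inventory of which instances fall in the affected range and a review of which ACL users can still invoke XACKDEL. The following script is an added example, not part of the advisory or of the Redis project; it parses the text of `INFO server` and `ACL LIST` as returned by redis-cli (the sample output embedded below is constructed) and applies the version range stated above (8.2.0 up to, but not including, 8.2.3). The ACL evaluation is deliberately simplified: Redis applies rule tokens left to right, and only `+@all`/`-@all` (and their `allcommands`/`nocommands` aliases), the explicit `+xackdel`/`-xackdel` rules, and the `on`/`off` flag are modelled; category rules such as `+@stream` are not, which is an assumption you should keep in mind when reading its output.

```python
"""Fleet check for the Redis XACKDEL stack buffer overflow (added example).

Parses redis-cli output for `INFO server` and `ACL LIST`. All sample data
below is constructed for illustration.
"""
import re

AFFECTED_MIN = (8, 2, 0)   # first affected release per the advisory
FIXED = (8, 2, 3)          # release carrying the fix


def parse_version(info_server: str) -> tuple:
    """Extract (major, minor, patch) from the `redis_version:` line of INFO server."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_server, re.MULTILINE)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())


def is_affected(version: tuple) -> bool:
    """True when 8.2.0 <= version < 8.2.3."""
    return AFFECTED_MIN <= version < FIXED


def user_can_run_xackdel(acl_list_line: str) -> bool:
    """Simplified left-to-right evaluation of one ACL LIST line.

    '+@all -xackdel' denies the command, '-xackdel +@all' re-allows it,
    and a user that is 'off' cannot run anything. Category rules other than
    @all (e.g. +@stream) are NOT modelled here (assumption/limitation).
    """
    tokens = acl_list_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"unexpected ACL LIST line: {acl_list_line!r}")
    enabled = False
    allowed = False  # a fresh user starts with no commands
    for tok in tokens[2:]:
        t = tok.lower()
        if t == "on":
            enabled = True
        elif t == "off":
            enabled = False
        elif t in ("+@all", "allcommands", "+xackdel"):
            allowed = True
        elif t in ("-@all", "nocommands", "-xackdel"):
            allowed = False
        # passwords, key/channel patterns and other categories are ignored
    return enabled and allowed


def report(info_server: str, acl_list_lines: list) -> dict:
    """Combine both checks into one summary for an instance."""
    version = parse_version(info_server)
    exposed = [line.split()[1] for line in acl_list_lines if user_can_run_xackdel(line)]
    return {
        "version": ".".join(str(x) for x in version),
        "affected": is_affected(version),
        "users_with_xackdel": exposed,
    }


# Constructed sample output (not captured from a real instance).
INFO_SERVER_SAMPLE = "# Server\r\nredis_version:8.2.1\r\nredis_mode:standalone\r\n"
ACL_LIST_SAMPLE = [
    "user default on nopass ~* &* +@all -xackdel",       # hardened default user
    "user app on #<sha256-placeholder> ~app:* &* +@all",  # still able to run XACKDEL
    "user readonly on #<sha256-placeholder> ~* &* -@all +@read",
    "user legacy off nopass ~* &* +@all",                 # disabled account
]

if __name__ == "__main__":
    print(report(INFO_SERVER_SAMPLE, ACL_LIST_SAMPLE))
```

Run it against real output by piping `redis-cli INFO server` and `redis-cli ACL LIST` into the two functions; an instance reported as `affected` with a non-empty `users_with_xackdel` list is one where the ACL workaround has not yet been applied to every enabled user.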

Added: Nov 4, 2025, 10:29 PM
Updated: Nov 4, 2025, 10:29 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 10.0
exploitability: 5.5
remediation: 7.9
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.