Redis Invalid Memory Access Vulnerability in RESTORE Command Leading to Remote Code Execution

Vulnerability

A vulnerability exists in the Redis RESTORE command, present in all versions prior to 8.6.3. This issue arises from improper validation of serialized values, allowing authenticated attackers with permission to execute the RESTORE command to send crafted payloads that trigger invalid memory access. Such exploitation could result in remote code execution on the server where Redis is running.

Impact

Exploitation of this vulnerability can lead to remote code execution on the affected Redis server, potentially allowing an authenticated attacker to execute arbitrary code with the server's privileges. This could result in a complete compromise of the system, unauthorized access to data, or disruption of services.

Remediation

Users can upgrade to Redis version 8.6.3 or later, where this vulnerability has been patched. Alternatively, access to the RESTORE command can be restricted using ACL rules to prevent unauthorized use.
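To check which accounts the ACL restriction would need to cover, the following added example (not part of the original advisory or of Redis itself) evaluates `ACL LIST` output and reports which users can still run RESTORE. The function names and the sample lines are constructed for illustration. The example assumes RESTORE belongs to the @keyspace, @write, @slow and @dangerous categories, as listed in the Redis command reference, and that key patterns contain no parentheses.

```python
import re

# ACL categories the Redis command reference lists for RESTORE (assumption).
RESTORE_CATEGORIES = {"@keyspace", "@write", "@slow", "@dangerous"}
ALIASES = {"allcommands": "+@all", "nocommands": "-@all"}

def rules_allow_restore(tokens):
    """Apply command rules left to right, as Redis does; the last rule
    that touches RESTORE decides."""
    allowed = False  # a new user or selector starts with no commands
    for tok in tokens:
        t = ALIASES.get(tok.lower(), tok.lower())
        if t[0] not in "+-":
            continue  # on/off, passwords, key and channel patterns
        target = t[1:]
        if target in ("@all", "restore") or target in RESTORE_CATEGORIES:
            allowed = t[0] == "+"
    return allowed

def audit_acl_list(lines):
    """Map each user in ACL LIST output to 'allowed', 'allowed-but-off' or 'denied'."""
    report = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        rest = " ".join(parts[2:])
        # Redis 7+ selectors appear as "( ... )" groups with their own rules.
        selectors = re.findall(r"\(([^)]*)\)", rest)
        root = re.sub(r"\([^)]*\)", " ", rest).split()
        can = rules_allow_restore(root) or any(
            rules_allow_restore(s.split()) for s in selectors)
        if not can:
            report[parts[1]] = "denied"
        else:
            report[parts[1]] = "allowed-but-off" if "off" in root else "allowed"
    return report

# Constructed sample in ACL LIST format; password hashes are placeholders.
SAMPLE_ACL_LIST = [
    "user default on nopass ~* &* +@all",
    "user app on #<sha256> ~app:* resetchannels -@all +@read +@write -@dangerous",
    "user migrator on #<sha256> ~* resetchannels -@all +restore +dump",
    "user reporter on #<sha256> ~* resetchannels -@all +@read (~tmp:* +@write)",
    "user legacy off nopass ~* &* +@all",
]

if __name__ == "__main__":
    for user, verdict in audit_acl_list(SAMPLE_ACL_LIST).items():
        print(f"{user:10} RESTORE {verdict}")
```

Feed it the lines returned by `redis-cli ACL LIST`; any user reported as `allowed` that does not need RESTORE is a candidate for an explicit `-restore` rule.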

Added: May 5, 2026, 5:22 PM
Updated: May 5, 2026, 5:22 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 7.5
exploitability: 4.3
remediation: 8.3
relevance: 7.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.