
{
"id": "CVE-2023-42809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-04T20:15:10.263",
"lastModified": "2023-10-10T17:21:16.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include specially crafted objects in the server's responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 3.22.0 contains a patch for this issue.\n\nSome post-fix advice is available. Do NOT use `Kryo5Codec` as deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. By contrast, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended. When instantiating `SerializationCodec` please use the `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` constructor to restrict the allowed classes for deserialization."
},
{
"lang": "es",
"value": "Redisson es un cliente Java Redis que utiliza el framework Netty. Antes de la versi\u00f3n 3.22.0, algunos de los mensajes recibidos del servidor Redis contienen objetos Java que el cliente deserializa sin mayor validaci\u00f3n. Los atacantes que logran enga\u00f1ar a los clientes para que se comuniquen con un servidor malicioso pueden incluir objetos especialmente manipulados en sus respuestas que, una vez deserializados por el cliente, lo obligan a ejecutar c\u00f3digo arbitrario. Se puede abusar de esto para tomar el control de la m\u00e1quina en la que se ejecuta el cliente. La versi\u00f3n 3.22.0 contiene un parche para este problema. Se encuentran disponibles algunos consejos posteriores a la reparaci\u00f3n. NO utilice `Kryo5Codec` como c\u00f3dec de deserializaci\u00f3n, ya que a\u00fan es vulnerable a la deserializaci\u00f3n arbitraria de objetos debido a la llamada `setRegistrationRequired(false)`. Por el contrario, `KryoCodec` es seguro de usar. La soluci\u00f3n aplicada a `SerializationCodec` solo consiste en agregar una lista opcional de nombres de clases permitidas, aunque se recomienda que este comportamiento sea el predeterminado. Al crear una instancia de `SerializationCodec`, utilice el constructor `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` para restringir las clases permitidas para la deserializaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redisson:redisson:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.22.0",
"matchCriteriaId": "9E83B6EC-FF08-4044-9EAA-769C599F95BA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/redisson/redisson/commit/fe6a2571801656ff1599ef87bdee20f519a5d1fe",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-053_Redisson/",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}