CVE-2022-31144
published 2022-07-19


Priority: P258 · Severity: high · CVSS 3.1 base score: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.38% (81.8th percentile)
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | redis | < 5:7.0.4-1 (bookworm) | 5:7.0.4-1 (bookworm) |
| msrc | cbl2_redis_6.2.9-1_on_cbl_mariner_2.0 | (not given) | (not given) |
| msrc | cm1_redis_6.2.9-1_on_cbl_mariner_1.0 | (not given) | (not given) |
| redis | redis | (not given) | (not given) |
| redis | redis | >= 0, < 5:7.0.4-1 | 5:7.0.4-1 |
| redis | redis | >= 0, < 5:7.0.4-1 | 5:7.0.4-1 |
| redis | redis | >= 0, < 5:7.0.4-1 | 5:7.0.4-1 |
| redis | redis | >= 7.0, < 7.0.4 | 7.0.4 |

Note: the `5:` prefix in several rows is a Debian package epoch, so `5:7.0.4-1` is the Debian package of upstream 7.0.4; the upstream fix itself is 7.0.4. The two msrc rows name 6.2.9 builds and carry no version range, and the advisory restricts the bug to the 7.x branch.

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered by a specially crafted XAUTOCLAIM command sent to a Redis stream key in a specific state, resulting in a heap overflow. Monitor for unusual or malformed XAUTOCLAIM commands on Redis instances. The CVSS vector (PR:L) means the attacker only needs to be able to issue commands; an instance exposed without authentication satisfies that trivially.
  • Only Redis versions 7.0.0 through 7.0.3 are affected; Redis 6.x instances are not vulnerable. Focus detection and patching efforts on Redis 7.x deployments and ensure 7.0.4 or later is deployed to remediate.
  • The flaw is a heap-based buffer overflow within the XAUTOCLAIM command implementation. Look for heap corruption indicators or crashes in Redis 7.x processes following XAUTOCLAIM usage.
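As an added example (not code from the page's sources or from the Redis project), a small Python helper that applies the two checks above: it reads the `redis_version` field from `INFO server` output to decide whether a host falls in the 7.0.0 through 7.0.3 window, and it scans `MONITOR` output for XAUTOCLAIM invocations, recording the client address and arguments. The INFO text and MONITOR lines are constructed samples. Flagging a call with fewer than five arguments as malformed is an assumption taken from the documented XAUTOCLAIM syntax (key group consumer min-idle-time start), not from the advisory.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected window from the advisory: the 7.x branch before 7.0.4.
AFFECTED_MIN = (7, 0, 0)
FIXED = (7, 0, 4)

# XAUTOCLAIM key group consumer min-idle-time start [COUNT n] [JUSTID]:
# five mandatory arguments after the command name. Assumption from the
# documented command syntax, not from the advisory.
XAUTOCLAIM_MIN_TOKENS = 6


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '7.0.3' (or '7.0.3-rc1') into a comparable (major, minor, patch) tuple."""
    nums = []
    for part in text.strip().split(".")[:3]:
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_vulnerable(version: str) -> bool:
    """True for 7.0.0 <= version < 7.0.4; 6.x and 7.0.4+ return False."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def version_from_info(info: str) -> Optional[str]:
    """Extract redis_version from 'INFO server' output (key:value lines)."""
    for line in info.splitlines():
        if line.startswith("redis_version:"):
            return line.split(":", 1)[1].strip()
    return None


# MONITOR output: <unix timestamp> [<db> <client addr>] "CMD" "arg1" "arg2" ...
MONITOR_LINE = re.compile(r"^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<addr>\S+)\] (?P<rest>.*)$")
QUOTED_TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"')


def find_xautoclaim(lines: List[str]) -> List[Dict[str, object]]:
    """Return one record per XAUTOCLAIM call seen in MONITOR lines."""
    hits = []
    for line in lines:
        m = MONITOR_LINE.match(line)
        if not m:
            continue  # the initial "OK" acknowledgement or unrelated noise
        tokens = QUOTED_TOKEN.findall(m.group("rest"))
        if not tokens or tokens[0].upper() != "XAUTOCLAIM":
            continue
        hits.append({
            "ts": float(m.group("ts")),
            "client": m.group("addr"),
            "args": tokens[1:],
            "malformed": len(tokens) < XAUTOCLAIM_MIN_TOKENS,
        })
    return hits


# Constructed samples, not real captures.
SAMPLE_INFO = "# Server\r\nredis_version:7.0.3\r\nredis_mode:standalone\r\nos:Linux 5.15 x86_64\r\n"
SAMPLE_MONITOR = [
    "OK",
    '1658242000.123456 [0 10.0.0.5:41234] "XAUTOCLAIM" "orders" "workers" "w1" "3600000" "0-0" "COUNT" "10"',
    '1658242001.000001 [0 10.0.0.7:51000] "XREADGROUP" "GROUP" "workers" "w2" "STREAMS" "orders" ">"',
    '1658242002.500000 [0 10.0.0.9:60001] "XAUTOCLAIM" "orders" "workers"',
]


def triage(info: str, monitor_lines: List[str]) -> Dict[str, object]:
    """Combine the version check and the command scan into one verdict for a host."""
    version = version_from_info(info)
    calls = find_xautoclaim(monitor_lines)
    return {
        "version": version,
        "vulnerable": bool(version) and is_vulnerable(version),
        "xautoclaim_calls": len(calls),
        "malformed_calls": sum(1 for c in calls if c["malformed"]),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_INFO, SAMPLE_MONITOR))
```

Feed `find_xautoclaim` the output of `redis-cli MONITOR` (or a proxy log in the same format) and `version_from_info` the output of `redis-cli INFO server`. A host that is in the affected window and shows XAUTOCLAIM traffic from a client that has no business touching consumer groups is the case to escalate; MONITOR itself costs throughput, so run it for short windows rather than permanently.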

CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | 8.8 | HIGH | (not given) |
| vendor_debian | 7.0 | HIGH | (not given) |
| vendor_msrc | 7.0 | HIGH | (not given) |
| vendor_redhat | 7.0 | HIGH | (not given) |

The three vendor scores (7.0) sit below NVD's 8.8; the page does not give the vectors behind the vendor scores, so the reason for the difference cannot be read off here.