CVE-2022-33105Missing Release of Memory after Effective Lifetime in Redis

CWE-401Missing Release of Memory after Effective Lifetime5 documents5 sources
Severity
7.5HIGHNVD
EPSS
2.9%
top 13.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RedisDebian Redis
Timeline
PublishedJun 23
Latest updateJun 24

Description

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Ubunturedis/redis< 5:7.0.12-1
NVDredis/redis7.0
debiandebian/redis

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-35rf-7vhx-9phr: Redis v72022-06-24
OSV
CVE-2022-33105: Redis v72022-06-23

📋Vendor Advisories

2
Red Hat
redis: memory leak via streamGetEdgeID2022-06-23
Debian
CVE-2022-33105: redis - Redis v7.0 was discovered to contain a memory leak via the component streamGetEd...2022
CVE-2022-33105 — Redis vulnerability | cvebase