CVE-2022-35951 — Integer Overflow or Wraparound in Redis

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

36.9%

top 2.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redis Debian Redis Fedoraproject Fedora

Timeline

PublishedSep 23

Description

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDredis/redis7.0.0 — 7.0.5

▶debiandebian/redis< redis 5:7.0.5-1 (bookworm)

▶Debianredis/redis< 5:7.0.5-1+2

▶CVEListV5redis/redis>= 7.0.0, < 7.0.5

Also affects: Fedora 37

🔴Vulnerability Details

OSV

CVE-2022-35951: Redis is an in-memory database that persists on disk↗2022-09-23

▶

📋Vendor Advisories

Red Hat

redis: heap overflow in XAUTOCLAIM command's COUNT argument↗2022-09-22

▶

Debian

CVE-2022-35951: redis - Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, ...↗2022

▶