CVE-2022-35977
published 2023-01-20


Priority: P3 (41)
Severity: medium, CVSS 3.1 base score 5.5
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 33.27% (98.2th percentile)
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected

18 ranges

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| debian | redis | < redis 5:7.0.8-1 (bookworm) | redis 5:7.0.8-1 (bookworm) |
| msrc | cbl2_redis_6.2.9-1_on_cbl_mariner_2.0 | | |
| msrc | cm1_redis_6.2.7-3_on_cbl_mariner_1.0 | | |
| redis | redis | < 6.0.17 | 6.0.17 |
| redis | redis | | |
| redis | redis | | |
| redis | redis | >= 0 < 5:6.0.16-1+deb11u4 | 5:6.0.16-1+deb11u4 |
| redis | redis | >= 0 < 5:7.0.8-1 | 5:7.0.8-1 |
| redis | redis | >= 0 < 5:7.0.8-1 | 5:7.0.8-1 |
| redis | redis | >= 0 < 5:7.0.8-1 | 5:7.0.8-1 |
| redis | redis | >= 0 < 2:2.8.4-2ubuntu0.2+esm3 | 2:2.8.4-2ubuntu0.2+esm3 |
| redis | redis | >= 0 < 2:3.0.6-1ubuntu0.4+esm2 | 2:3.0.6-1ubuntu0.4+esm2 |
| redis | redis | >= 0 < 5:4.0.9-1ubuntu0.2+esm4 | 5:4.0.9-1ubuntu0.2+esm4 |
| redis | redis | >= 0 < 5:5.0.7-2ubuntu0.1+esm2 | 5:5.0.7-2ubuntu0.1+esm2 |
| redis | redis | >= 0 < 5:6.0.16-1ubuntu1+esm1 | 5:6.0.16-1ubuntu1+esm1 |
| redis | redis | >= 6.0.0 < 6.0.17 | 6.0.17 |
| redis | redis | >= 6.2.0 < 6.2.9 | 6.2.9 |
| redis | redis | >= 7.0.0 < 7.0.8 | 7.0.8 |

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|--------|--------------|-------|----------|--------|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | | 8.8 | HIGH | |
| vendor_ubuntu | | 7.0 | HIGH | |
| vendor_debian | | 5.5 | MEDIUM | |
| vendor_msrc | | 5.5 | MEDIUM | |
| vendor_redhat | | 5.5 | MEDIUM | |