CVE-2022-31144: Potential heap overflow in Redis
First published: Tue Jul 19 2022(Updated: )
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redis Redis | >=7.0<7.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31144?
CVE-2022-31144 is a vulnerability in Redis, an in-memory database, that can result in a heap overflow and potentially remote code execution.
What versions of Redis are affected by CVE-2022-31144?
Versions on the 7.x branch prior to 7.0.4 are affected by CVE-2022-31144.
How severe is CVE-2022-31144?
CVE-2022-31144 has a severity rating of 8.8 (high).
How can I fix CVE-2022-31144?
To fix CVE-2022-31144, upgrade to version 7.0.4 of Redis.
Where can I find more information about CVE-2022-31144?
You can find more information about CVE-2022-31144 in the following references: [GitHub](https://github.com/redis/redis/releases/tag/7.0.4), [GitHub Security Advisory](https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh), [Gentoo Security Advisory](https://security.gentoo.org/glsa/202209-17).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/title
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/redis
- canonical/redis redis
- version/redis redis/7.0