First published: Fri Sep 23 2022(Updated: )
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redis Redis | >=7.0.0, <7.0.5 | Upgrade to Redis 7.0.5 or later |
| Fedoraproject Fedora | =37 | |
CVE-2022-35951 is an Integer Overflow vulnerability in Redis versions 7.0.0 through 7.0.4.
CVE-2022-35951 allows an attacker to cause an integer overflow and a subsequent heap overflow in Redis.
CVE-2022-35951 has a severity rating of 9.8 (Critical).
To fix CVE-2022-35951, upgrade Redis to version 7.0.5 or later.
More information about CVE-2022-35951 is available at the following references: [link1], [link2], [link3].
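The only fix the advisory gives is a version upgrade, so the practical check is whether a running instance falls inside the affected range. The following is an added example, not code from the advisory or the Redis project: it parses the `redis_version` field of a Redis `INFO server` reply (the sample reply is constructed, not captured from a real host) and reports whether the instance is in the 7.0.0 <= version < 7.0.5 window.

```python
import re
from typing import Optional, Tuple

# Constructed sample of a Redis `INFO server` reply (not from a real host).
# In practice this text comes from `redis-cli INFO server`.
SAMPLE_INFO_SERVER = (
    "# Server\r\n"
    "redis_version:7.0.4\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 5.15.0 x86_64\r\n"
)

# Affected range stated in the advisory: 7.0.0 and above, prior to 7.0.5.
AFFECTED_MIN = (7, 0, 0)
FIXED_IN = (7, 0, 5)


def parse_redis_version(info_server: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from the redis_version line, or None."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_server, re.MULTILINE)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable_to_cve_2022_35951(version: Tuple[int, int, int]) -> bool:
    """True when the version lies in [7.0.0, 7.0.5); tuple comparison is lexicographic."""
    return AFFECTED_MIN <= version < FIXED_IN


def assess(info_server: str) -> str:
    """Classify an INFO server reply as vulnerable, not affected, or unknown."""
    version = parse_redis_version(info_server)
    if version is None:
        return "unknown: redis_version not found in INFO output"
    text = ".".join(str(n) for n in version)
    if is_vulnerable_to_cve_2022_35951(version):
        return f"vulnerable: Redis {text} is in [7.0.0, 7.0.5); upgrade to 7.0.5 or later"
    return f"not affected: Redis {text}"


if __name__ == "__main__":
    print(assess(SAMPLE_INFO_SERVER))
```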