CVE-2022-36021 – Redis string pattern matching can be abused to achieve Denial of Service
https://notcve.org/view.php?id=CVE-2022-36021
Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. • https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv • CWE-407: Inefficient Algorithmic Complexity •
CVE-2022-35977 – Integer overflow in certain command arguments can drive Redis to OOM panic
https://notcve.org/view.php?id=CVE-2022-35977
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 https://github.com/redis/redis/releases/tag/6.0.17 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8 https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j • CWE-190: Integer Overflow or Wraparound •
CVE-2023-22458 – Integer overflow in multiple Redis commands can lead to denial-of-service
https://notcve.org/view.php?id=CVE-2023-22458
Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/redis/redis/commit/16f408b1a0121cacd44cbf8aee275d69dc627f02 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8 https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj • CWE-190: Integer Overflow or Wraparound •
CVE-2022-3647 – Redis Crash Report debug.c sigsegvHandler denial of service
https://notcve.org/view.php?id=CVE-2022-3647
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. • https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 https://vuldb.com/?ctiid.211962 https://vuldb.com/?id.211962 • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-35951 – Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
https://notcve.org/view.php?id=CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist. • https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C https://security.gentoo.org/glsa/202209-17 https://security.netapp.com/advisory/ntap-20221020-0005 • CWE-190: Integer Overflow or Wraparound •