CVE-2022-35977
Integer overflow in certain command arguments can drive Redis to OOM panic
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis es una base de datos en memoria que persiste en el disco. Los usuarios autenticados que emiten comandos `SETRANGE` y `SORT(_RO)` especialmente manipulados pueden desencadenar un desbordamiento de enteros, lo que hace que Redis intente asignar cantidades imposibles de memoria y aborte con un pánico de falta de memoria (OOM). El problema se solucionó en las versiones 7.0.8, 6.2.9 y 6.0.17 de Redis. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-15 CVE Reserved
- 2023-01-20 CVE Published
- 2024-04-26 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/redis/redis/releases/tag/6.0.17 | Release Notes | |
https://github.com/redis/redis/releases/tag/6.2.9 | Release Notes | |
https://github.com/redis/redis/releases/tag/7.0.8 | Release Notes | |
https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 | 2023-02-02 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.0.0 < 6.0.17 Search vendor "Redis" for product "Redis" and version " >= 6.0.0 < 6.0.17" | - |
Affected
| ||||||
Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.2.0 < 6.2.9 Search vendor "Redis" for product "Redis" and version " >= 6.2.0 < 6.2.9" | - |
Affected
| ||||||
Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 7.0.0 < 7.0.8 Search vendor "Redis" for product "Redis" and version " >= 7.0.0 < 7.0.8" | - |
Affected
|