CVE-2022-36021

Redis string pattern matching can be abused to achieve Denial of Service

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.

A vulnerability was found in Redis. This flaw allows an authenticated to use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU time.

Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2022-07-15 CVE Reserved
2023-03-01 CVE Published
2025-03-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-407: Inefficient Algorithmic Complexity

CAPEC

References (4)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84	2023-11-07

URL	Date	SRC
https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv	2023-11-07
https://access.redhat.com/security/cve/CVE-2022-36021	2025-01-22
https://bugzilla.redhat.com/show_bug.cgi?id=2174305	2025-01-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redis Search vendor "Redis"		Redis Search vendor "Redis" for product "Redis"				< 6.0.18 Search vendor "Redis" for product "Redis" and version " < 6.0.18"		-		Affected
Redis Search vendor "Redis"		Redis Search vendor "Redis" for product "Redis"				>= 6.2.0 < 6.2.11 Search vendor "Redis" for product "Redis" and version " >= 6.2.0 < 6.2.11"		-		Affected
Redis Search vendor "Redis"		Redis Search vendor "Redis" for product "Redis"				>= 7.0.0 < 7.0.9 Search vendor "Redis" for product "Redis" and version " >= 7.0.0 < 7.0.9"		-		Affected