Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Published

2022-07-19T21:15:15.087

Last Modified

2024-11-21T07:03:59.330

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses

Type: Secondary
CWE-122
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redis	redis	< 7.0.4	Yes

References

https://github.com/redis/redis/releases/tag/7.0.4 Release Notes, Third Party Advisory ([email protected])
https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202209-17 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20220909-0002/ Third Party Advisory ([email protected])
https://github.com/redis/redis/releases/tag/7.0.4 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202209-17 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220909-0002/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)