CVE-2022-35977
MEDIUM severity · CVSS 5.5 · Integer overflow
5.5CVSS MEDIUM
Summary
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactNone
Integrity impactNone
Availability impactHigh
Exploit probability (EPSS)36%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 ↗
Additional information
- NVD record
- https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7Patch
- https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7Patch
- https://github.com/redis/redis/releases/tag/6.0.17Advisory
- https://github.com/redis/redis/releases/tag/6.2.9Advisory
- https://github.com/redis/redis/releases/tag/7.0.8Advisory
- https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8jAdvisory
- https://github.com/redis/redis/releases/tag/6.0.17Advisory
- https://github.com/redis/redis/releases/tag/6.2.9Advisory