CVE-2022-31144

EPSS 17.49%
Published 19.07.2022 21:15:15
Last modified 21.11.2024 07:03:59
Source security-advisories@github.com
Teams watchlist Login
Open Login

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Affected products Warnungen 0 Metrics 3 CWE 2 References 7

Data is provided by the National Vulnerability Database (NVD)

Redis ≫ Redis Version >= 7.0 < 7.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	17.49%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202209-17

Third Party Advisory

https://github.com/redis/redis/releases/tag/7.0.4

Third Party Advisory

Release Notes

https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220909-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31144

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31144

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31144

EUVD