CVE-2022-31144

EPSS 21.25%
Veröffentlicht 19.07.2022 21:15:15
Zuletzt bearbeitet 21.11.2024 07:03:59
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Potential heap overflow in Redis

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redis ≫ Redis Version >= 7.0 < 7.0.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	21.25%	0.957

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202209-17

Third Party Advisory

https://github.com/redis/redis/releases/tag/7.0.4

Third Party Advisory

Release Notes

https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220909-0002/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31144