Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-35977

Опубликовано: 17 янв. 2023
Источник: redhat
CVSS3: 5.5
EPSS Средний

Описание

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

A flaw was found in Redis, an in-memory database that persists on disk. This flaw allows authenticated users to issue specially crafted SETRANGE and SORT(_RO) commands to trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat 3scale API Management Platform 23scale-amp-backend-containerAffected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Not affected
Red Hat Ansible Automation Platform 1.2ansible-towerAffected
Red Hat Enterprise Linux 8redisWill not fix
Red Hat Enterprise Linux 9redisWill not fix
Red Hat Fuse 7redisNot affected
Red Hat OpenStack Platform 13 (Queens)redisOut of support scope
Red Hat Quay 3quay/quay-rhel8Will not fix
Red Hat Satellite 6satellite:el8/rubygem-gitlab-sidekiq-fetcherNot affected
Red Hat Satellite 6tfm-rubygem-gitlab-sidekiq-fetcherNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2163133redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic

EPSS

Процентиль: 97%
0.40816
Средний

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-35977

CVSS3: 5.5
ubuntu
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

nvd логотип

CVE-2022-35977

CVSS3: 5.5
nvd
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

msrc логотип

CVE-2022-35977

CVSS3: 5.5
msrc
больше 2 лет назад

Описание отсутствует

debian логотип

CVE-2022-35977

CVSS3: 5.5
debian
больше 2 лет назад

Redis is an in-memory database that persists on disk. Authenticated us ...

suse-cvrf логотип

SUSE-SU-2023:0274-1

suse-cvrf
больше 2 лет назад

Security update for redis

EPSS

Процентиль: 97%
0.40816
Средний

5.5 Medium

CVSS3