Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-35951

Опубликовано: 23 сент. 2022
Источник: ubuntu
Приоритет: medium
EPSS Высокий
CVSS3: 7

Описание

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

5:7.0.15-1build2
esm-apps/bionic

not-affected

code not present
esm-apps/focal

not-affected

code not present
esm-apps/jammy

not-affected

code not present
esm-apps/noble

not-affected

5:7.0.12-1
esm-apps/xenial

not-affected

code not present
esm-infra-legacy/trusty

not-affected

code not present
focal

not-affected

code not present
jammy

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 99%
0.8402
Высокий

7 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-35951

CVSS3: 9.8
redhat
почти 3 года назад

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

nvd логотип

CVE-2022-35951

CVSS3: 7
nvd
почти 3 года назад

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

debian логотип

CVE-2022-35951

CVSS3: 7
debian
почти 3 года назад

Redis is an in-memory database that persists on disk. Versions 7.0.0 a ...

fstec логотип

BDU:2022-05912

CVSS3: 7
fstec
почти 3 года назад

Уязвимость реализации команды XAUTOCLAIM системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20220929-02

redos
почти 3 года назад

Уязвимость Redis

EPSS

Процентиль: 99%
0.8402
Высокий

7 High

CVSS3