Vulnerability-Lookup

CVE-2022-35977 (GCVE-0-2022-35977)

Vulnerability from cvelistv5 – Published: 2023-01-20 18:19 – Updated: 2025-11-03 21:46

Title

Integer overflow in certain command arguments can drive Redis to OOM panic

Summary

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/redis/redis/security/advisorie…	x_refsource_CONFIRM
https://github.com/redis/redis/commit/1ec82e6e97e…	x_refsource_MISC
https://github.com/redis/redis/releases/tag/6.0.17	x_refsource_MISC
https://github.com/redis/redis/releases/tag/6.2.9	x_refsource_MISC
https://github.com/redis/redis/releases/tag/7.0.8	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
redis	redis	Affected: >= 7.0, < 7.0.8 Affected: >= 6.2, < 6.2.9 Affected: < 6.0.17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:46:27.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
          },
          {
            "name": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
          },
          {
            "name": "https://github.com/redis/redis/releases/tag/6.0.17",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/redis/redis/releases/tag/6.0.17"
          },
          {
            "name": "https://github.com/redis/redis/releases/tag/6.2.9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/redis/redis/releases/tag/6.2.9"
          },
          {
            "name": "https://github.com/redis/redis/releases/tag/7.0.8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/redis/redis/releases/tag/7.0.8"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T20:59:39.619602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T21:21:26.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "redis",
          "vendor": "redis",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 7.0, \u003c 7.0.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.2, \u003c 6.2.9"
            },
            {
              "status": "affected",
              "version": "\u003c 6.0.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-20T18:19:27.692Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
        },
        {
          "name": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
        },
        {
          "name": "https://github.com/redis/redis/releases/tag/6.0.17",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/redis/redis/releases/tag/6.0.17"
        },
        {
          "name": "https://github.com/redis/redis/releases/tag/6.2.9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/redis/redis/releases/tag/6.2.9"
        },
        {
          "name": "https://github.com/redis/redis/releases/tag/7.0.8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/redis/redis/releases/tag/7.0.8"
        }
      ],
      "source": {
        "advisory": "GHSA-mrcw-fhw9-fj8j",
        "discovery": "UNKNOWN"
      },
      "title": "Integer overflow in certain command arguments can drive Redis to OOM panic"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-35977",
    "datePublished": "2023-01-20T18:19:27.692Z",
    "dateReserved": "2022-07-15T23:52:24.278Z",
    "dateUpdated": "2025-11-03T21:46:27.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-35977",
      "date": "2026-05-27",
      "epss": "0.35552",
      "percentile": "0.97132"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.0.17\", \"matchCriteriaId\": \"686AC0A4-C41D-483F-AB78-F000D3177488\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.2.0\", \"versionEndExcluding\": \"6.2.9\", \"matchCriteriaId\": \"0987D1A6-7DB8-468A-92E2-4C9F4BC41430\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0.0\", \"versionEndExcluding\": \"7.0.8\", \"matchCriteriaId\": \"4E8878EC-13C4-4C33-A80E-5F1D4E7A5A19\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Redis es una base de datos en memoria que persiste en el disco. Los usuarios autenticados que emiten comandos `SETRANGE` y `SORT(_RO)` especialmente manipulados pueden desencadenar un desbordamiento de enteros, lo que hace que Redis intente asignar cantidades imposibles de memoria y aborte con un p\\u00e1nico de falta de memoria (OOM). El problema se solucion\\u00f3 en las versiones 7.0.8, 6.2.9 y 6.0.17 de Redis. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad.\"}]",
      "id": "CVE-2022-35977",
      "lastModified": "2024-11-21T07:12:05.760",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2023-01-20T19:15:14.470",
      "references": "[{\"url\": \"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.0.17\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.2.9\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.0.8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.0.17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.2.9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.0.8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-35977\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-20T19:15:14.470\",\"lastModified\":\"2025-11-03T22:15:59.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Redis es una base de datos en memoria que persiste en el disco. Los usuarios autenticados que emiten comandos `SETRANGE` y `SORT(_RO)` especialmente manipulados pueden desencadenar un desbordamiento de enteros, lo que hace que Redis intente asignar cantidades imposibles de memoria y aborte con un p\u00e1nico de falta de memoria (OOM). El problema se solucion\u00f3 en las versiones 7.0.8, 6.2.9 y 6.0.17 de Redis. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.0.17\",\"matchCriteriaId\":\"686AC0A4-C41D-483F-AB78-F000D3177488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2.0\",\"versionEndExcluding\":\"6.2.9\",\"matchCriteriaId\":\"0987D1A6-7DB8-468A-92E2-4C9F4BC41430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndExcluding\":\"7.0.8\",\"matchCriteriaId\":\"4E8878EC-13C4-4C33-A80E-5F1D4E7A5A19\"}]}]}],\"references\":[{\"url\":\"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/releases/tag/6.0.17\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/releases/tag/6.2.9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/releases/tag/7.0.8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/releases/tag/6.0.17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/releases/tag/6.2.9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/releases/tag/7.0.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\", \"name\": \"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\", \"name\": \"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.0.17\", \"name\": \"https://github.com/redis/redis/releases/tag/6.0.17\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.2.9\", \"name\": \"https://github.com/redis/redis/releases/tag/6.2.9\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.0.8\", \"name\": \"https://github.com/redis/redis/releases/tag/7.0.8\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:46:27.537Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-35977\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T20:59:39.619602Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T20:59:40.956Z\"}}], \"cna\": {\"title\": \"Integer overflow in certain command arguments can drive Redis to OOM panic\", \"source\": {\"advisory\": \"GHSA-mrcw-fhw9-fj8j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"redis\", \"product\": \"redis\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 7.0, \u003c 7.0.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.2, \u003c 6.2.9\"}, {\"status\": \"affected\", \"version\": \"\u003c 6.0.17\"}]}], \"references\": [{\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\", \"name\": \"https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\", \"name\": \"https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.0.17\", \"name\": \"https://github.com/redis/redis/releases/tag/6.0.17\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.2.9\", \"name\": \"https://github.com/redis/redis/releases/tag/6.2.9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.0.8\", \"name\": \"https://github.com/redis/redis/releases/tag/7.0.8\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-190\", \"description\": \"CWE-190: Integer Overflow or Wraparound\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-01-20T18:19:27.692Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-35977\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:46:27.537Z\", \"dateReserved\": \"2022-07-15T23:52:24.278Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-01-20T18:19:27.692Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2023-AVI-0427

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar	IBM Qradar Advisor versions 2.5 à 2.6.4 antérieures à 2.6.5
IBM	QRadar	IBM QRadar Pulse App versions 1.x.x à 2.2.9 antérieures à 2.2.10
IBM	AIX	AIX version 7.3 TL1 antérieures à 7.3.1 avec le correctif de sécurité 32221a.230524.epkg.Z
IBM	QRadar SIEM	IBM Qradar SIEM versions 7.5.0 antérieures à 7.5.0 UP5
IBM	WebSphere	IBM WebSphere Application Server Liberty versions 17.0.0.3 à 23.0.0.5 antérieures à 23.0.0.6
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.x.x antérieures à 10.1.4
IBM	N/A	IBM Spectrum Protect Plus Db2 Agent versions 10.1.1x antérieures à 10.1.14
IBM	Spectrum	IBM Spectrum Protect Plus MongoDB Agent versions 10.1.x antérieures à 10.1.14
IBM	QRadar SIEM	IBM Qradar SIEM versions 7.4.3 antérieures à 7.4.3 FP9

References

Title

Publication Time

CERTFR-2023-AVI-0427

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar	IBM Qradar Advisor versions 2.5 à 2.6.4 antérieures à 2.6.5
IBM	QRadar	IBM QRadar Pulse App versions 1.x.x à 2.2.9 antérieures à 2.2.10
IBM	AIX	AIX version 7.3 TL1 antérieures à 7.3.1 avec le correctif de sécurité 32221a.230524.epkg.Z
IBM	QRadar SIEM	IBM Qradar SIEM versions 7.5.0 antérieures à 7.5.0 UP5
IBM	WebSphere	IBM WebSphere Application Server Liberty versions 17.0.0.3 à 23.0.0.5 antérieures à 23.0.0.6
IBM	QRadar WinCollect Agent	IBM QRadar WinCollect Agent versions 10.x.x antérieures à 10.1.4
IBM	N/A	IBM Spectrum Protect Plus Db2 Agent versions 10.1.1x antérieures à 10.1.14
IBM	Spectrum	IBM Spectrum Protect Plus MongoDB Agent versions 10.1.x antérieures à 10.1.14
IBM	QRadar SIEM	IBM Qradar SIEM versions 7.4.3 antérieures à 7.4.3 FP9

References

Title

Publication Time

alsa-2025:0595

Vulnerability from osv_almalinux

Published

2025-01-22 00:00

Modified

2025-01-22 23:19

Summary

Important: redis:6 security update

Details

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service (CVE-2023-22458)
redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic (CVE-2022-35977)
redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow (CVE-2022-36021)
redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack (CVE-2023-25155)
redis: Insufficient validation of HINCRBYFLOAT command (CVE-2023-28856)
redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)
redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)
redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)
redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)
redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:0595	ADVISORY
	https://access.redhat.com/security/cve/CVE-2022-24834	REPORT
	https://access.redhat.com/security/cve/CVE-2022-35977	REPORT
	https://access.redhat.com/security/cve/CVE-2022-36021	REPORT
	https://access.redhat.com/security/cve/CVE-2023-22458	REPORT
	https://access.redhat.com/security/cve/CVE-2023-25155	REPORT
	https://access.redhat.com/security/cve/CVE-2023-28856	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45145	REPORT
	https://access.redhat.com/security/cve/CVE-2024-31228	REPORT
	https://access.redhat.com/security/cve/CVE-2024-31449	REPORT
	https://access.redhat.com/security/cve/CVE-2024-46981	REPORT
	https://bugzilla.redhat.com/2163132	REPORT
	https://bugzilla.redhat.com/2163133	REPORT
	https://bugzilla.redhat.com/2174305	REPORT
	https://bugzilla.redhat.com/2174306	REPORT
	https://bugzilla.redhat.com/2187525	REPORT
	https://bugzilla.redhat.com/2221662	REPORT
	https://bugzilla.redhat.com/2244940	REPORT
	https://bugzilla.redhat.com/2317056	REPORT
	https://bugzilla.redhat.com/2317058	REPORT
	https://bugzilla.redhat.com/2336004	REPORT
	https://errata.almalinux.org/8/ALSA-2025-0595.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.2.17-1.module_el8.10.0+3946+3de613d5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "redis-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.2.17-1.module_el8.10.0+3946+3de613d5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "redis-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.2.17-1.module_el8.10.0+3946+3de613d5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.  \n\nSecurity Fix(es):  \n\n  * redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service (CVE-2023-22458)\n  * redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic (CVE-2022-35977)\n  * redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow (CVE-2022-36021)\n  * redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack (CVE-2023-25155)\n  * redis: Insufficient validation of HINCRBYFLOAT command (CVE-2023-28856)\n  * redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)\n  * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)\n  * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)\n  * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)\n  * redis: Redis\u0027 Lua library commands may lead to remote code execution (CVE-2024-46981)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:0595",
  "modified": "2025-01-22T23:19:00Z",
  "published": "2025-01-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:0595"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-24834"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-35977"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-36021"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-22458"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-25155"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-28856"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45145"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-31228"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-31449"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-46981"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2163132"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2163133"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2174305"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2174306"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2187525"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2221662"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2244940"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2317056"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2317058"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2336004"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-0595.html"
    }
  ],
  "related": [
    "CVE-2023-22458",
    "CVE-2022-35977",
    "CVE-2022-36021",
    "CVE-2023-25155",
    "CVE-2023-28856",
    "CVE-2022-24834",
    "CVE-2023-45145",
    "CVE-2024-31449",
    "CVE-2024-31228",
    "CVE-2024-46981"
  ],
  "summary": "Important: redis:6 security update"
}

BDU:2023-00695

Vulnerability from fstec - Published: 20.01.2023

Title

Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением при обработке объектов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость системы управления базами данных (СУБД) Redis связана с целочисленным переполнением при обработке объектов. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании с помощью команд SETRANGE и SORT/SORT_RO

Severity


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Novell Inc., ООО «Ред Софт», Redis Labs, АО «НТЦ ИТ РОСА», АО "НППКТ"

Software Name

openSUSE Tumbleweed, РЕД ОС (запись в едином реестре российских программ №3751), OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Manager Proxy, SUSE Manager Server, SUSE Enterprise Storage, SUSE Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, SUSE Manager Retail Branch Server, SUSE Linux Enterprise Module for Server Applications, SUSE Linux Enterprise Real Time, Redis, РОСА ХРОМ (запись в едином реестре российских программ №1607), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

- (openSUSE Tumbleweed), 7.3 (РЕД ОС), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 7 (SUSE Enterprise Storage), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4 (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Retail Branch Server), 15 SP2-LTSS (Suse Linux Enterprise Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Server Applications), 7.1 (SUSE Enterprise Storage), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP3 (SUSE Linux Enterprise Real Time), от 6.0.0 до 6.0.17 (Redis), от 6.2.0 до 6.2.9 (Redis), от 7.0.0 до 7.0.8 (Redis), 12.4 (РОСА ХРОМ), до 2.8 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для Redis: https://github.com/redis/redis/releases/tag/6.0.17 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2022-35977.html Для операционной системы РОСА ХРОМ: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2174 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения redis до версии 5:7.0.12-1

Reference

https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-redis-cve-2022-35977/?sphrase_id=126167 https://nvd.nist.gov/vuln/detail/CVE-2022-35977 https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7 https://github.com/redis/redis/releases/tag/6.0.17 https://github.com/redis/redis/releases/tag/6.2.9 https://github.com/redis/redis/releases/tag/7.0.8 https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j https://vuldb.com/ru/?id.219068 https://www.suse.com/security/cve/CVE-2022-35977.html https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2174 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Redis Labs, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (openSUSE Tumbleweed), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 15.4 (OpenSUSE Leap), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Proxy), 4.2 (SUSE Manager Server), 7 (SUSE Enterprise Storage), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP4 (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 4.2 (SUSE Manager Retail Branch Server), 15 SP2-LTSS (Suse Linux Enterprise Server), 4.3 (SUSE Manager Retail Branch Server), 4.3 (SUSE Manager Proxy), 4.3 (SUSE Manager Server), 15 SP4 (SUSE Linux Enterprise High Performance Computing), 15 SP4 (SUSE Linux Enterprise Module for Server Applications), 7.1 (SUSE Enterprise Storage), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing), 15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing), 15 SP3 (SUSE Linux Enterprise Real Time), \u043e\u0442 6.0.0 \u0434\u043e 6.0.17 (Redis), \u043e\u0442 6.2.0 \u0434\u043e 6.2.9 (Redis), \u043e\u0442 7.0.0 \u0434\u043e 7.0.8 (Redis), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Redis:\nhttps://github.com/redis/redis/releases/tag/6.0.17 \nhttps://github.com/redis/redis/releases/tag/6.2.9 \nhttps://github.com/redis/redis/releases/tag/7.0.8\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2022-35977.html\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2174\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f redis \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5:7.0.12-1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.02.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00695",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-35977",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "openSUSE Tumbleweed, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), OpenSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Manager Proxy, SUSE Manager Server, SUSE Enterprise Storage, SUSE Linux Enterprise High Performance Computing, Suse Linux Enterprise Server, SUSE Manager Retail Branch Server, SUSE Linux Enterprise Module for Server Applications, SUSE Linux Enterprise Real Time, Redis, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. openSUSE Tumbleweed - , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Novell Inc. OpenSUSE Leap 15.4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , Novell Inc. SUSE Linux Enterprise Real Time 15 SP3 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (\u0421\u0423\u0411\u0414) Redis \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043a\u043e\u043c\u0430\u043d\u0434 SETRANGE \u0438 SORT/SORT_RO",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-redis-cve-2022-35977/?sphrase_id=126167\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-35977\nhttps://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7  \nhttps://github.com/redis/redis/releases/tag/6.0.17 \nhttps://github.com/redis/redis/releases/tag/6.2.9 \nhttps://github.com/redis/redis/releases/tag/7.0.8 \nhttps://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j\nhttps://vuldb.com/ru/?id.219068\nhttps://www.suse.com/security/cve/CVE-2022-35977.html\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2174\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

bit-keydb-2022-35977

Vulnerability from bitnami_vulndb

Published

2024-08-22 19:25

Modified

2025-11-06 13:25

Summary

Integer overflow in certain command arguments can drive Redis to OOM panic

Details

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "keydb",
        "purl": "pkg:bitnami/keydb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.17"
            },
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.2.9"
            },
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.8"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35977"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
  "id": "BIT-keydb-2022-35977",
  "modified": "2025-11-06T13:25:46.476Z",
  "published": "2024-08-22T19:25:58.150Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/6.0.17"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/6.2.9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.0.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Integer overflow in certain command arguments can drive Redis to OOM panic"
}

bit-redis-2022-35977

Vulnerability from bitnami_vulndb

Published

2024-03-06 11:05

Modified

2025-11-06 13:25

Summary

Integer overflow in certain command arguments can drive Redis to OOM panic

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "redis",
        "purl": "pkg:bitnami/redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.17"
            },
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.2.9"
            },
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.8"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35977"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
  "id": "BIT-redis-2022-35977",
  "modified": "2025-11-06T13:25:46.476Z",
  "published": "2024-03-06T11:05:24.585Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/6.0.17"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/6.2.9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.0.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Integer overflow in certain command arguments can drive Redis to OOM panic"
}

bit-valkey-2022-35977

Vulnerability from bitnami_vulndb

Published

2024-08-22 19:43

Modified

2025-05-20 10:02

Summary

Integer overflow in certain command arguments can drive Redis to OOM panic

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "valkey",
        "purl": "pkg:bitnami/valkey"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.17"
            },
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.2.9"
            },
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.0.8"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-35977"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:valkey-io:valkey:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
  },
  "details": "Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
  "id": "BIT-valkey-2022-35977",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-08-22T19:43:23.652Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/6.0.17"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/6.2.9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/releases/tag/7.0.8"
    },
    {
      "type": "WEB",
      "url": "https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Integer overflow in certain command arguments can drive Redis to OOM panic"
}

cleanstart-2026-af35851

Vulnerability from cleanstart

Published

2026-03-10 01:02

Modified

2026-03-09 13:15

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2015-8080	WEB
	https://osv.dev/vulnerability/CVE-2019-10192	WEB
	https://osv.dev/vulnerability/CVE-2019-10193	WEB
	https://osv.dev/vulnerability/CVE-2020-14147	WEB
	https://osv.dev/vulnerability/CVE-2021-32625	WEB
	https://osv.dev/vulnerability/CVE-2021-32626	WEB
	https://osv.dev/vulnerability/CVE-2021-32627	WEB
	https://osv.dev/vulnerability/CVE-2021-32628	WEB
	https://osv.dev/vulnerability/CVE-2021-32672	WEB
	https://osv.dev/vulnerability/CVE-2021-32675	WEB
	https://osv.dev/vulnerability/CVE-2021-32687	WEB
	https://osv.dev/vulnerability/CVE-2021-32762	WEB
	https://osv.dev/vulnerability/CVE-2021-41099	WEB
	https://osv.dev/vulnerability/CVE-2022-24736	WEB
	https://osv.dev/vulnerability/CVE-2022-24834	WEB
	https://osv.dev/vulnerability/CVE-2022-35977	WEB
	https://osv.dev/vulnerability/CVE-2022-3647	WEB
	https://osv.dev/vulnerability/CVE-2023-36824	WEB
	https://osv.dev/vulnerability/CVE-2023-41053	WEB
	https://osv.dev/vulnerability/CVE-2023-41056	WEB
	https://osv.dev/vulnerability/CVE-2023-45145	WEB
	https://osv.dev/vulnerability/CVE-2024-31227	WEB
	https://osv.dev/vulnerability/CVE-2024-31228	WEB
	https://osv.dev/vulnerability/CVE-2024-31449	WEB
	https://osv.dev/vulnerability/CVE-2025-46817	WEB
	https://osv.dev/vulnerability/CVE-2025-46818	WEB
	https://osv.dev/vulnerability/CVE-2025-46819	WEB
	https://osv.dev/vulnerability/CVE-2025-49844	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2015-8080	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10192	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14147	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32625	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32626	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32627	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32628	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32672	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32675	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32687	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32762	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-41099	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24736	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24834	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-35977	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3647	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-36824	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41053	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-45145	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31227	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31228	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31449	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46818	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-49844	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.2-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-AF35851",
  "modified": "2026-03-09T13:15:34Z",
  "published": "2026-03-10T01:02:37.708854Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AF35851"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49844"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449",
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  ]
}

cleanstart-2026-av02020

Vulnerability from cleanstart

Published

2026-03-10 00:58

Modified

2026-03-09 13:15

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2015-8080	WEB
	https://osv.dev/vulnerability/CVE-2019-10192	WEB
	https://osv.dev/vulnerability/CVE-2019-10193	WEB
	https://osv.dev/vulnerability/CVE-2020-14147	WEB
	https://osv.dev/vulnerability/CVE-2021-32625	WEB
	https://osv.dev/vulnerability/CVE-2021-32626	WEB
	https://osv.dev/vulnerability/CVE-2021-32627	WEB
	https://osv.dev/vulnerability/CVE-2021-32628	WEB
	https://osv.dev/vulnerability/CVE-2021-32672	WEB
	https://osv.dev/vulnerability/CVE-2021-32675	WEB
	https://osv.dev/vulnerability/CVE-2021-32687	WEB
	https://osv.dev/vulnerability/CVE-2021-32762	WEB
	https://osv.dev/vulnerability/CVE-2021-41099	WEB
	https://osv.dev/vulnerability/CVE-2022-24736	WEB
	https://osv.dev/vulnerability/CVE-2022-24834	WEB
	https://osv.dev/vulnerability/CVE-2022-35977	WEB
	https://osv.dev/vulnerability/CVE-2022-3647	WEB
	https://osv.dev/vulnerability/CVE-2023-36824	WEB
	https://osv.dev/vulnerability/CVE-2023-41053	WEB
	https://osv.dev/vulnerability/CVE-2023-41056	WEB
	https://osv.dev/vulnerability/CVE-2023-45145	WEB
	https://osv.dev/vulnerability/CVE-2024-31227	WEB
	https://osv.dev/vulnerability/CVE-2024-31228	WEB
	https://osv.dev/vulnerability/CVE-2024-31449	WEB
	https://osv.dev/vulnerability/CVE-2025-46817	WEB
	https://osv.dev/vulnerability/CVE-2025-46818	WEB
	https://osv.dev/vulnerability/CVE-2025-46819	WEB
	https://osv.dev/vulnerability/CVE-2025-49844	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2015-8080	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10192	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14147	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32625	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32626	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32627	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32628	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32672	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32675	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32687	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32762	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-41099	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24736	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24834	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-35977	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3647	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-36824	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41053	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-45145	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31227	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31228	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31449	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46818	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-49844	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.2.2-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-AV02020",
  "modified": "2026-03-09T13:15:34Z",
  "published": "2026-03-10T00:58:05.928030Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AV02020"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49844"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449",
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  ]
}

cleanstart-2026-bx37171

Vulnerability from cleanstart

Published

2026-01-30 14:43

Modified

2026-01-29 18:58

Summary

Redis is an open source, in-memory database that persists on disk

Details

Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.

Severity

9.8 (Critical)


                    
                      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2015-8080	WEB
	https://osv.dev/vulnerability/CVE-2019-10192	WEB
	https://osv.dev/vulnerability/CVE-2019-10193	WEB
	https://osv.dev/vulnerability/CVE-2020-14147	WEB
	https://osv.dev/vulnerability/CVE-2021-32625	WEB
	https://osv.dev/vulnerability/CVE-2021-32626	WEB
	https://osv.dev/vulnerability/CVE-2021-32627	WEB
	https://osv.dev/vulnerability/CVE-2021-32628	WEB
	https://osv.dev/vulnerability/CVE-2021-32672	WEB
	https://osv.dev/vulnerability/CVE-2021-32675	WEB
	https://osv.dev/vulnerability/CVE-2021-32687	WEB
	https://osv.dev/vulnerability/CVE-2021-32762	WEB
	https://osv.dev/vulnerability/CVE-2021-41099	WEB
	https://osv.dev/vulnerability/CVE-2022-24736	WEB
	https://osv.dev/vulnerability/CVE-2022-24834	WEB
	https://osv.dev/vulnerability/CVE-2022-35977	WEB
	https://osv.dev/vulnerability/CVE-2022-3647	WEB
	https://osv.dev/vulnerability/CVE-2023-36824	WEB
	https://osv.dev/vulnerability/CVE-2023-41053	WEB
	https://osv.dev/vulnerability/CVE-2023-41056	WEB
	https://osv.dev/vulnerability/CVE-2023-45145	WEB
	https://osv.dev/vulnerability/CVE-2024-31227	WEB
	https://osv.dev/vulnerability/CVE-2024-31228	WEB
	https://osv.dev/vulnerability/CVE-2024-31449	WEB
	https://osv.dev/vulnerability/CVE-2025-46817	WEB
	https://osv.dev/vulnerability/CVE-2025-46818	WEB
	https://osv.dev/vulnerability/CVE-2025-46819	WEB
	https://osv.dev/vulnerability/CVE-2025-49844	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2015-8080	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10192	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2019-10193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-14147	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32625	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32626	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32627	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32628	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32672	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32675	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32687	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-32762	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-41099	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24736	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24834	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-35977	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3647	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-36824	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41053	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-41056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-45145	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31227	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31228	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-31449	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46817	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46818	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46819	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-49844	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "redis"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.4-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the redis package. Redis is an open source, in-memory database that persists on disk. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-BX37171",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T14:43:22.549529Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BX37171"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-49844"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8080"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10192"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14147"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32626"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32627"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32628"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32672"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32675"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32687"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32762"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41099"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24736"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24834"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35977"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3647"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41053"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45145"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31227"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31228"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31449"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46818"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46819"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Redis is an open source, in-memory database that persists on disk",
  "upstream": [
    "CVE-2015-8080",
    "CVE-2019-10192",
    "CVE-2019-10193",
    "CVE-2020-14147",
    "CVE-2021-32625",
    "CVE-2021-32626",
    "CVE-2021-32627",
    "CVE-2021-32628",
    "CVE-2021-32672",
    "CVE-2021-32675",
    "CVE-2021-32687",
    "CVE-2021-32762",
    "CVE-2021-41099",
    "CVE-2022-24736",
    "CVE-2022-24834",
    "CVE-2022-35977",
    "CVE-2022-3647",
    "CVE-2023-36824",
    "CVE-2023-41053",
    "CVE-2023-41056",
    "CVE-2023-45145",
    "CVE-2024-31227",
    "CVE-2024-31228",
    "CVE-2024-31449",
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-35977 (GCVE-0-2022-35977)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Vulnerability from cleanstart

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature