CVE-2022-35977 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-35977

CVE-2022-35977

January 20, 2023

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted "SETRANGE" and "SORT(_RO)" commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Resources (12)

https://github.com/redis/redis/releases/tag/6.0.17

https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7

https://github.com/redis/redis/security/advisories/GHSA-mrcw-fhw9-fj8j

https://nvd.nist.gov/vuln/detail/CVE-2022-35977

https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35977.json

https://github.com/redis/redis/releases/tag/7.0.8

https://github.com/redis/redis/releases/tag/6.2.9

https://access.redhat.com/security/cve/CVE-2022-35977

https://security-tracker.debian.org/tracker/CVE-2022-35977

https://lists.debian.org/debian-lts-announce/2024/11/msg00031.html

https://security.alpinelinux.org/vuln/CVE-2022-35977