CVE-2022-31144
Summary
| CVE | CVE-2022-31144 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-19 21:15:00 UTC |
| Updated | 2022-10-07 15:49:00 UTC |
| Description | Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4. |
Risk And Classification
Problem Types: CWE-122
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Redis: Multiple Vulnerabilities (GLSA 202209-17) — Gentoo security | GENTOO | security.gentoo.org | |
| Release 7.0.4 · redis/redis · GitHub | MISC | github.com | |
| Potential heap overflow in Redis 7.0 XAUTOCLAIM command. · Advisory · redis/redis · GitHub | CONFIRM | github.com | |
| CVE-2022-31144 Redis Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 183925 Debian Security Update for redis (CVE-2022-31144)
- 502448 Alpine Linux Security Update for redis
- 504358 Alpine Linux Security Update for redis
- 690899 Free Berkeley Software Distribution (FreeBSD) Security Update for redis (871d93f9-06aa-11ed-8d5f-080027f5fec9)
- 710625 Gentoo Linux Redis Multiple Vulnerabilities (GLSA 202209-17)
- 902558 Common Base Linux Mariner (CBL-Mariner) Security Update for redis (10318)
- 902560 Common Base Linux Mariner (CBL-Mariner) Security Update for redis (10315)
- 905604 Common Base Linux Mariner (CBL-Mariner) Security Update for redis (10315-1)
- 905662 Common Base Linux Mariner (CBL-Mariner) Security Update for redis (10318-1)