CVE-2022-31144

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31144
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31144.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-31144
Aliases
Downstream
Related
Published
2022-07-19T20:15:13Z
Modified
2025-10-30T20:07:03.598916Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Potential heap overflow in Redis
Details

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Database specific 
{
    "cwe_ids": [
        "CWE-122"
    ]
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Introduced
d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc
Fixed
888effe4beb2c0ac8de1c863e635e45af3d3b329

Affected versions

7.*

7.0.0
7.0.1
7.0.2
7.0.3