CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-190"
    ]
}

References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type: GIT
Repo: https://github.com/redis/redis
Events: Introduced

d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc

Fixed

1c75ab062d0cb1f3af57e39a399325b9e917e85f

Type: GIT
Repo: https://github.com/redis/redis
Events: Introduced

445aa844b946a8f1bc21ac8554b44adb1ecb4018

Fixed

137696d80811c25b918f7f543bcbe8c9c142f49d

Type: GIT
Repo: https://github.com/redis/redis
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6ed4dc5052488ba88d2b759d494b2d8083a46206

Affected versions

1.*

1.3.6

2.*

2.2-alpha0

2.2-alpha1

2.2-alpha2

2.2-alpha3

2.2-alpha4

2.2-alpha5

2.2-alpha6

2.2.0-rc1

2.3-alpha0

3.*

3.0-alpha0

6.*

6.0-rc1

6.0-rc2

6.0-rc3

6.0-rc4

6.0.0

6.0.1

6.0.10

6.0.11

6.0.12

6.0.13

6.0.14

6.0.15

6.0.16

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

v1.*

v1.3.10

v1.3.11

v1.3.12

v1.3.7

v1.3.8

v1.3.9

v2.*

v2.0.0-rc1

v2.1.1-watch

Other

vm-playpen

with-deprecated-diskstore