CVE-2022-35977

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35977.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-190"
    ]
}

References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type

GIT

Repo

https://github.com/redis/redis

Events

Introduced

17dfd7cabbf7954f92b7a1243d4bb27fee5d4500

Fixed

6ed4dc5052488ba88d2b759d494b2d8083a46206

Introduced

445aa844b946a8f1bc21ac8554b44adb1ecb4018

Fixed

137696d80811c25b918f7f543bcbe8c9c142f49d

Introduced

d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc

Fixed

1c75ab062d0cb1f3af57e39a399325b9e917e85f

Fixed

1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7

Database specific

{
    "cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.17"
        },
        {
            "introduced": "6.2.0"
        },
        {
            "fixed": "6.2.9"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.8"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ]
}

Affected versions

6.*

6.0.0

6.0.1

6.0.10

6.0.11

6.0.12

6.0.13

6.0.14

6.0.15

6.0.16

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.2.0

6.2.1

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-35977.json"