Heap overflow in Redis 7.0 XAUTOCLAIM command's COUNT argument.

High
yossigo published GHSA-5gc4-76rx-22c9 Sep 22, 2022

Package

Redis (N/A)

Affected versions

>= 7.0.0

Patched versions

7.0.5

Description

Impact

Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow and a subsequent heap overflow, and could potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer.
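The bug class described above (a caller-supplied COUNT that overflows when scaled up to an allocation size or an attempt budget) is best caught at argument parsing, before the value reaches any multiplication. The following is an added example and not Redis source: it assumes an illustrative 16-byte entry_id type and a scaling factor of 10 as stand-ins for the real stream data structures, and rejects any COUNT that cannot be safely multiplied by either.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Illustrative element type (assumption: stands in for a stream entry ID,
 * not Redis's own struct). */
typedef struct { unsigned long long ms; unsigned long long seq; } entry_id;

/* Assumed per-entry work multiplier applied to COUNT elsewhere in the command. */
#define ATTEMPTS_FACTOR 10L

/* Largest COUNT for which count*sizeof(entry_id) and count*ATTEMPTS_FACTOR
 * both stay representable in a long (the check that prevents the wrap). */
long max_safe_count(void) {
    long elem = (long)sizeof(entry_id);
    long divisor = elem > ATTEMPTS_FACTOR ? elem : ATTEMPTS_FACTOR;
    return LONG_MAX / divisor;
}

/* Parse a decimal COUNT argument. Returns the value when it lies in
 * [1, max_safe_count()], otherwise -1 so the caller can reject the command
 * before the value is ever used to size a buffer. */
long parse_count_arg(const char *arg) {
    char *end;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0') return -1; /* not a number / out of range */
    if (v < 1 || v > max_safe_count()) return -1;             /* would wrap when scaled */
    return v;
}

/* Allocate a buffer of `count` ids. The bound is re-checked here so the
 * multiplication performed by calloc can never overflow. */
entry_id *alloc_ids(long count) {
    if (count < 1 || count > max_safe_count()) return NULL;
    return calloc((size_t)count, sizeof(entry_id));
}
```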

Patches

The problem is fixed in Redis version 7.0.5.

Credits

This problem was identified by Xion (SeungHyun Lee) of KAIST GoN.

For more information

If you have any questions or comments about this advisory:

Severity

High
7.0 / 10

CVSS base metrics

Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE ID

CVE-2022-35951

Weaknesses