Heap overflow in Redis 7.0 XAUTOCLAIM command's COUNT argument.
Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow and a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer.
The problem is fixed in Redis version 7.0.5.
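To triage a fleet against the version range stated above, the following added example (not part of the original advisory or the Redis project) classifies instances from the text returned by the INFO command. The host labels and INFO snippets are constructed sample data, and the status names are this example's own.

```python
import re

FIRST_AFFECTED = (7, 0, 0)  # advisory: "affects Redis versions 7.0.0 or newer"
FIRST_FIXED = (7, 0, 5)     # advisory: "fixed in Redis version 7.0.5"

def parse_redis_version(info_text):
    """Return (major, minor, patch) from INFO output, or None if absent or malformed."""
    for line in info_text.splitlines():  # INFO uses CRLF; splitlines handles it
        line = line.strip()
        if line.startswith("redis_version:"):
            value = line.split(":", 1)[1].strip()
            m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", value)
            return tuple(int(g) for g in m.groups()) if m else None
    return None

def classify(info_text):
    """Classify one instance against the advisory's version range."""
    version = parse_redis_version(info_text)
    if version is None:
        return "unknown"        # no usable version string: inspect by hand
    if version < FIRST_AFFECTED:
        return "not-affected"   # older than the first affected release
    if version < FIRST_FIXED:
        return "affected"       # 7.0.0 up to, but not including, 7.0.5
    return "fixed"

def triage(inventory):
    """Map host label -> status for a dict of host label -> INFO text."""
    return {host: classify(text) for host, text in inventory.items()}

# Constructed sample inventory (hypothetical hosts, hand-written INFO snippets).
SAMPLE = {
    "cache-a": "# Server\r\nredis_version:7.0.4\r\nredis_mode:standalone\r\n",
    "cache-b": "# Server\r\nredis_version:7.0.5\r\nredis_mode:standalone\r\n",
    "queue-a": "# Server\r\nredis_version:6.2.7\r\nredis_mode:cluster\r\n",
    "legacy": "# Server\r\nredis_mode:standalone\r\n",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```

Distribution packages that backport the fix may keep an older version string, so an "affected" result is a prompt to check the package changelog rather than a final verdict.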
This problem was identified by Xion (SeungHyun Lee) of KAIST GoN.
For more information
If you have any questions or comments about this advisory: