Lucene search

[email protected]CVE-2022-33105

HistoryJun 23, 2022 - 5:15 p.m.

CVE-2022-33105

2022-06-2317:15:00

CWE-401

[email protected]

web.nvd.nist.gov

cve-2022-33105

redis v7.0

memory leak

streamgetedgeid

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

CPENameOperatorVersion
redis:redisrediseq7.0

CPE	Name	Operator	Version
redis:redis	redis	eq	7.0

References

github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef

github.com/redis/redis/pull/10753

github.com/redis/redis/pull/10829

raw.githubusercontent.com/redis/redis/7.0.1/00-RELEASENOTES

security.gentoo.org/glsa/202209-17

security.netapp.com/advisory/ntap-20220729-0005/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2022-33105

redhatcve1 prion1 ubuntucve1 openvas1 osv2 debiancve1 photon2 nessus1 gentoo1