33 matches found
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may lead to a heap overflow, and potentially remote code execution. This issue affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Versions 7.0.0 and above, prior to 7.0.5, are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, followed by a he...
BIT-VALKEY-2022-31144 Potential heap overflow in Redis
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
BIT-VALKEY-2022-35951 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
BIT-KEYDB-2022-31144 Potential heap overflow in Redis
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
BIT-REDIS-2022-31144 Potential heap overflow in Redis
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result in a heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version...
BIT-REDIS-2022-35951 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
SUSE CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
CVE-2022-31144
A heap-based buffer overflow flaw was found in Redis within the XAUTOCLAIM command implementation. This flaw allows an attacker to craft the XAUTOCLAIM command with malicious data on a stream key in a specific state that triggers a heap-based buffer overflow, possibly enabling remote code executi...
ROS-20220929-02
A vulnerability in the XAUTOCLAIM command implementation of the Redis database management system (DBMS) is related to an integer overflow during COUNT argument processing. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
Vulnerability fixed in Redis
A vulnerability has been fixed in Redis. The vulnerability allows a malicious party to use a heap overflow to execute arbitrary code with user privileges or cause a denial of service (DoS). To exploit the vulnerability, a malicious party must issue an XAUTOCLAIM command with a rogue COUNT argument on a key...
CVE-2022-35951
An integer overflow vulnerability was found in Redis, an in-memory database that persists on disk. Executing an XAUTOCLAIM command on a stream key in a specific state with a specially crafted COUNT argument may cause an integer overflow, and a subsequent heap overflow, potentially leading t...
The vulnerability of the XAUTOCLAIM command implementation in the Redis database management system allows a hacker to execute arbitrary code.
The vulnerability of the XAUTOCLAIM command in the Redis database management system is related to a numerical overflow when processing the COUNT argument. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Remote Code Execution (RCE)
Redis is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to an integer overflow when executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, allowing an attacker to inject maliciously crafted code into the system...
CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
CVE-2022-35951
Redis 7.0.0–7.0.4 are vulnerable to an integer overflow in the XAUTOCLAIM handling on a stream key with a crafted COUNT, which can cause a heap overflow and potentially remote code execution. The issue is fixed in Redis 7.0.5; upgrades to 7.0.5 or later are recommended. Affected versions and the ...
CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
CVE-2022-35951
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
CVE-2022-35951 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap...
redis -- Potential remote code execution vulnerability
The Redis core team reports: Executing an XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer...