CVE-2022-35951 Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow.

Redis is an in-memory database that persists on disk. Versions 6.0.0 and above, prior to 6.0.5 are vulnerable to a NULL Pointer Dereference. An attacker may be able to cause a denial of service by sending specially crafted messages to the `server` command. This has been patched in Redis version 6.0.5. No known workarounds exist. Redis is an in-memory database that persists on disk. Versions 5.0.0 and above are vulnerable to a Denial of Service via Network. Redis is prone to denial of service due to a network issue. This has been patched in Redis version 5.0.5. No known workarounds exist. Redis is an in-memory database that persists on disk. Versions 3.2.0 and above are vulnerable to a Denial of Service via Server Failure. Redis is prone to a denial of service due to a server failure. This has been patched in Redis version 3.2.5. No known workarounds exist. Redis is an in-memory database that persists on disk. Versions 0.9.0 and above are vulnerable to a Denial of Service via Server Failure. Redis is prone to a denial of service due to a server failure. This has been patched in Redis version 0.9.10. No known workarounds exist. Redis is an in-memory

Redis Overview

Redis is an open source, in-memory data structure store with support for different types of aggregates including lists, sets, sorted sets, hashes, and hyperloglogs. It is written in ANSI C. Redis is a single-threaded server that persists its data to disk only when it absolutely must do so.
Redis is vulnerable to denial of service due to a server failure. Versions 0.9.0 and above are vulnerable to a Denial of Service via Server Failure. Redis is prone to a denial of service due to a server failure. This has been patched in Redis version 0.9.10. No known workarounds exist.

What is Redis?

Redis is a key-value database with advanced features such as atomic operations, pipelining, and pub/sub. It has support for data types such as strings, hashes, lists, sets, sorted sets and hyperloglogs.

Timeline

Published on: 09/23/2022 04:15:00 UTC
Last modified on: 11/09/2022 20:40:00 UTC

References

• https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7INCOOFPPEAKNDBZU3TIZJPYXBULI2C/
• https://security.gentoo.org/glsa/202209-17
• https://security.netapp.com/advisory/ntap-20221020-0005/
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35951