Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-20T18:19:27.692Z

Updated: 2024-08-03T09:51:59.221Z

Reserved: 2022-07-15T23:52:24.278Z

Link: CVE-2022-35977

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-01-20T19:15:14.470

Modified: 2024-11-21T07:12:05.760

Link: CVE-2022-35977

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-01-17T00:00:00Z

Links: CVE-2022-35977 - Bugzilla