Unrated severityNVD Advisory· Published Jul 19, 2022· Updated Apr 23, 2025

Potential heap overflow in Redis

CVE-2022-31144

Description

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

Affected products

Redis/Redisv5
Range: >= 7.0.0, < 7.0.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202209-17mitrevendor-advisoryx_refsource_GENTOO
github.com/redis/redis/releases/tag/7.0.4mitrex_refsource_MISC
github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrhmitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20220909-0002/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000