Unrated severityNVD Advisory· Published Jul 19, 2022· Updated Apr 23, 2025
Potential heap overflow in Redis
CVE-2022-31144
Description
Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:bitnami/keydbpkg:bitnami/redispkg:bitnami/valkeypkg:rpm/opensuse/redis&distro=openSUSE%20Tumbleweed
>= 7.0.0, < 7.0.4+ 3 more
- (no CPE)range: >= 7.0.0, < 7.0.4
- (no CPE)range: >= 7.0.0, < 7.0.4
- (no CPE)range: >= 7.0.0, < 7.0.4
- (no CPE)range: < 7.0.4-1.1
Patches
Vulnerability mechanics
References
4- security.gentoo.org/glsa/202209-17mitrevendor-advisoryx_refsource_GENTOO
- github.com/redis/redis/releases/tag/7.0.4mitrex_refsource_MISC
- github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrhmitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20220909-0002/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.