Redis 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 XAUTOCLAIM Command integer overflow

A vulnerability was found in Redis 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 and classified as critical. This issue affects an unknown part of the component XAUTOCLAIM Command Handler. Upgrading to version 7.0.5 eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

131

Field

exploit_price_0day1
vulnerability_cvss3_meta_tempscore1
vulnerability_cvss3_meta_basescore1
vulnerability_cvss3_vuldb_tempscore1
vulnerability_cvss3_vuldb_basescore1

Commit Conf

90%40
50%10

Approve Conf

90%40
80%10
IDCommitedUserFieldChangeRemarksAcceptedReasonC
1302336809/23/2022VulD...price_0day$0-$5ksee exploit price documentation09/23/2022accepted
90
1302336709/23/2022VulD...cvss3_meta_tempscore5.9see CVSS documentation09/23/2022accepted
90
1302336609/23/2022VulD...cvss3_meta_basescore6.0see CVSS documentation09/23/2022accepted
90
1302336509/23/2022VulD...cvss3_vuldb_tempscore4.8see CVSS documentation09/23/2022accepted
90
1302336409/23/2022VulD...cvss3_vuldb_basescore5.0see CVSS documentation09/23/2022accepted
90
1302336309/23/2022VulD...cvss2_vuldb_tempscore4.0see CVSS documentation09/23/2022accepted
90
1302336209/23/2022VulD...cvss2_vuldb_basescore4.6see CVSS documentation09/23/2022accepted
90
1302336109/23/2022VulD...cvss3_cna_basescore7.0see CVSS documentation09/23/2022accepted
90
1302336009/23/2022VulD...cvss3_vuldb_eXderived from historical data09/23/2022accepted
80
1302335909/23/2022VulD...cvss2_vuldb_eNDderived from historical data09/23/2022accepted
80
1302335809/23/2022VulD...cvss2_vuldb_auSderived from historical data09/23/2022accepted
80
1302335709/23/2022VulD...cvss2_vuldb_rlOFderived from vuldb v3 vector09/23/2022accepted
80
1302335609/23/2022VulD...cvss2_vuldb_rcCderived from vuldb v3 vector09/23/2022accepted
80
1302335509/23/2022VulD...cvss2_vuldb_aiPderived from vuldb v3 vector09/23/2022accepted
80
1302335409/23/2022VulD...cvss2_vuldb_iiPderived from vuldb v3 vector09/23/2022accepted
80
1302335309/23/2022VulD...cvss2_vuldb_ciPderived from vuldb v3 vector09/23/2022accepted
80
1302335209/23/2022VulD...cvss2_vuldb_acHderived from vuldb v3 vector09/23/2022accepted
80
1302335109/23/2022VulD...cvss2_vuldb_avNderived from vuldb v3 vector09/23/2022accepted
80
1302335009/23/2022VulD...date1663884000 (09/23/2022)09/23/2022accepted
90
1302334909/23/2022VulD...cve_nvd_summaryRedis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.cve.org09/23/2022accepted
90

30 more entries are not shown

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!