Daily CyberSecurity
CVE-2022-35951: Redis flaw could lead to execute arbitrary code attacks

Ddos, September 25, 2022

The maintainers of Redis have pushed software updates to fix a high-impact security vulnerability. Tracked as CVE-2022-35951, the flaw has a CVSS score of 7.0 and is described as a heap overflow in the COUNT argument of the Redis 7.0 XAUTOCLAIM command.

Redis is often referred to as a data structures server: it provides access to mutable data structures through a set of commands, sent over TCP sockets in a client-server model using a simple protocol, so that different processes can query and modify the same data structures in a shared way.

Redis could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer overflow when executing an XAUTOCLAIM command on a stream key in a specific state. By supplying a specially crafted COUNT argument, an attacker could exploit CVE-2022-35951 to execute arbitrary code on the system.

“Executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. The problem affects Redis versions 7.0.0 or newer,” read the security advisory.
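The bug class the advisory describes, a size computation that wraps before an allocation, is easy to see in a few lines. The following is an added illustration written for this article, not Redis source code: `entry_id`, `unchecked_alloc_bytes`, `parse_count_bounded` and `checked_alloc_bytes` are constructed names, and the 16-byte entry struct stands in for a stream ID only by analogy. It shows the unchecked multiplication beside two hardened forms: bounding the argument at parse time, and checking the multiply at the allocation site.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a fixed-size stream entry ID (a "ms-seq" pair).
 * This illustrates the bug class; it is not Redis's own struct. */
typedef struct {
    uint64_t ms;
    uint64_t seq;
} entry_id;

/* Vulnerable pattern: a caller-supplied count is multiplied by the element
 * size with no overflow check. For a large enough count the product wraps,
 * so the allocator is asked for far fewer bytes than the code later writes.
 * Returns the byte count that would be handed to the allocator. */
size_t unchecked_alloc_bytes(long long count) {
    return (size_t)count * sizeof(entry_id);
}

/* Hardened pattern 1: reject the argument at parse time. The upper bound is
 * the largest count whose product with the element size still fits in
 * size_t, the same idea as bounding COUNT when the command is parsed. */
bool parse_count_bounded(const char *arg, long long *out) {
    char *end = NULL;
    errno = 0;
    long long v = strtoll(arg, &end, 10);
    if (errno != 0 || end == arg || *end != '\0') return false;   /* not a clean integer */
    unsigned long long max_count = SIZE_MAX / sizeof(entry_id);
    if (v < 1 || (unsigned long long)v > max_count) return false; /* out of range */
    *out = v;
    return true;
}

/* Hardened pattern 2: check the multiplication at the allocation site, so a
 * wrapped size can never reach malloc even if argument parsing missed it. */
bool checked_alloc_bytes(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) return false;
    *out = count * elem_size;
    return true;
}

int main(void) {
    long long count = 0;
    size_t bytes = 0;
    /* A count one past the safe limit: the unchecked product wraps to 0 bytes. */
    long long too_big = (long long)(SIZE_MAX / sizeof(entry_id)) + 1;
    printf("unchecked size for count %lld: %zu bytes\n", too_big, unchecked_alloc_bytes(too_big));
    printf("checked alloc for that count: %s\n",
           checked_alloc_bytes((size_t)too_big, sizeof(entry_id), &bytes) ? "ok" : "rejected");
    printf("parse \"10\": %s\n", parse_count_bounded("10", &count) ? "accepted" : "rejected");
    printf("parse \"0\": %s\n", parse_count_bounded("0", &count) ? "accepted" : "rejected");
    return 0;
}
```

The parse-time bound is the cheaper fix because it stops the bad value at the protocol boundary; the allocation-site check is the defence in depth that catches any other path that computes a size from user-controlled numbers.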

Researcher Xion (SeungHyun Lee) of KAIST GoN is credited with reporting the flaw to Redis.

Users are recommended to upgrade to Redis version 7.0.5 to mitigate any potential threats.
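To check whether a server falls in the range the article gives (7.0.0 up to, but not including, the fixed 7.0.5), the following added example parses the `redis_version` line from INFO-style output. It is not part of the article or of Redis; the `SAMPLE_INFO` text is constructed, and the function names are the example's own. It assumes no 7.0.x build below 7.0.5 carries a backported fix.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "major.minor.patch" (any suffix after the third number is ignored).
 * Returns false if the string does not start with three dot-separated integers. */
bool parse_version(const char *s, int *major, int *minor, int *patch) {
    return sscanf(s, "%d.%d.%d", major, minor, patch) == 3;
}

/* Affected range taken from the article: 7.0.0 <= v < 7.0.5. Anything outside
 * 7.0.x is treated as not affected (assumption: no unpatched 7.0.x backports). */
bool version_affected(const char *ver) {
    int ma, mi, pa;
    if (!parse_version(ver, &ma, &mi, &pa)) return false;
    return ma == 7 && mi == 0 && pa >= 0 && pa < 5;
}

/* Pull redis_version out of INFO-style text ("key:value" lines, CRLF or LF).
 * Only a key at the start of a line counts. Copies the value into out. */
bool info_redis_version(const char *info, char *out, size_t outlen) {
    const char *key = "redis_version:";
    const char *p = info;
    while ((p = strstr(p, key)) != NULL) {
        if (p == info || p[-1] == '\n') break;
        p += strlen(key);
    }
    if (!p) return false;
    p += strlen(key);
    size_t n = strcspn(p, "\r\n");
    if (n == 0 || n >= outlen) return false;
    memcpy(out, p, n);
    out[n] = '\0';
    return true;
}

/* Convenience: true if the INFO text describes a server in the affected range. */
bool info_affected(const char *info) {
    char ver[32];
    return info_redis_version(info, ver, sizeof ver) && version_affected(ver);
}

/* Constructed sample INFO output, not captured from a real server. */
static const char SAMPLE_INFO[] =
    "# Server\r\n"
    "redis_version:7.0.4\r\n"
    "redis_git_sha1:00000000\r\n"
    "redis_mode:standalone\r\n";

int main(void) {
    char ver[32];
    if (info_redis_version(SAMPLE_INFO, ver, sizeof ver))
        printf("redis_version %s: %s\n", ver,
               version_affected(ver) ? "affected, upgrade to 7.0.5 or later"
                                     : "not in the affected range");
    return 0;
}
```

Feed the function the text returned by `INFO server` from each instance in an inventory; the check is on the version string only, so it says nothing about whether a vendor package has a patch backported under an older version number.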
