PT-2022-3806 · Redis+2

Yossigo published

Published: 2022-07-18 · Updated: 2025-10-21 · CVE-2022-31144

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Redis versions 7.0.0 through 7.0.3

Description

The issue is related to a heap overflow that can potentially lead to remote code execution. This occurs when a specially crafted XAUTOCLAIM command is executed on a stream key in a specific state.

Recommendations

For versions 7.0.0 through 7.0.3, update to version 7.0.4 to resolve the issue. As a temporary workaround, consider restricting the use of the XAUTOCLAIM command on stream keys until the patch is applied.

Exploit · Fix · RCE · Memory Corruption · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-4982
ALT-PU-2025-11673
ALT-PU-2025-13204
BDU:2022-04601
BIT-KEYDB-2022-31144
BIT-REDIS-2022-31144
BIT-VALKEY-2022-31144
CVE-2022-31144
GHSA-96F7-42FG-2JRH
OPENSUSE-SU-2024:12217-1
ROSA-SA-2023-2296

Affected Products

Alt Linux
Astra Linux
Redis