PT-2022-4850 · Redis +3

Credit: Seunghyun Lee +1

Published: 2022-09-21 · Updated: 2025-10-21 · CVE-2022-35951

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Redis versions 7.0.0 through 7.0.4

Description: The vulnerability is an integer overflow in the handling of the COUNT argument of the XAUTOCLAIM command when the target stream key is in a specific state. The overflow can cause a subsequent heap overflow and potentially lead to remote code execution. The problem affects the 7.x branch; to carry out an attack, the attacker needs access that allows executing queries against the server.

Recommendations: For Redis versions 7.0.0 through 7.0.4, update to Redis version 7.0.5 to resolve the issue. As a temporary workaround, consider restricting access to the XAUTOCLAIM command to minimize the risk of exploitation. Avoid using a specially crafted COUNT argument in the affected command until the issue is resolved.

Tags: Exploit · Fix · RCE · Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-4982
ALT-PU-2025-11673
ALT-PU-2025-13204
BDU:2022-05912
BIT-KEYDB-2022-35951
BIT-REDIS-2022-35951
BIT-VALKEY-2022-35951
CVE-2022-35951
GHSA-5GC4-76RX-22C9
OPENSUSE-SU-2024:12361-1
ROSA-SA-2023-2296

Affected Products

Alt Linux
Astra Linux
Red Os
Redis