PT-2023-1718 · Redis+10

Tom Levy · Published 2023-02-28 · Updated 2025-10-21 · CVE-2022-36021

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Redis versions prior to 6.0.18
Redis versions prior to 6.2.11
Redis versions prior to 7.0.9
Description

Redis is an in-memory database that persists on disk. Authenticated users can pass a specially crafted pattern to string matching commands (KEYS, or SCAN and its SSCAN/HSCAN/ZSCAN variants through the MATCH option) to trigger a denial of service. Redis's glob-style matcher backtracks on every '*' wildcard, so a pattern containing many wildcards that can never match a long key forces an exponential number of match attempts; because command execution is single-threaded, the server hangs at 100% CPU for as long as the pattern is being evaluated and no other client is served.
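The behaviour described above and the shape of the fix, as an added example that is not the advisory's or Redis's own code: a reduced reimplementation of the Redis glob matcher (stringmatchlen) that supports only '*' and '?' (the real function also handles '[...]' classes, '\' escapes and case folding), in its pre-fix form beside a form carrying the same short-circuit the fix introduced. The function names, the step counter, and the sample pattern and key are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Steps taken by the most recent match call (one per pattern character examined),
 * so the cost of the two matchers can be compared without timing anything. */
static unsigned long long g_steps;

/* Vulnerable matcher: the shape of stringmatchlen() before 6.0.18 / 6.2.11 / 7.0.9,
 * reduced to '*' and '?'. Every '*' retries the rest of the pattern at every
 * remaining string position and remembers nothing about earlier failures, so a
 * non-matching pattern with k wildcards costs roughly O(n^k) on an n-byte key. */
static int match_vulnerable(const char *p, size_t plen, const char *s, size_t slen)
{
    while (plen) {
        g_steps++;
        switch (p[0]) {
        case '*':
            while (plen > 1 && p[1] == '*') { p++; plen--; }   /* collapse "**" */
            if (plen == 1) return 1;                           /* trailing '*' matches the rest */
            while (slen) {
                if (match_vulnerable(p + 1, plen - 1, s, slen)) return 1;
                s++; slen--;                                   /* retry on a shorter suffix */
            }
            return 0;
        case '?':
            if (!slen) return 0;
            break;
        default:
            if (!slen || p[0] != s[0]) return 0;
            break;
        }
        p++; plen--; s++; slen--;                              /* consumed one char of each */
        if (!slen) {                                           /* string exhausted: only '*'s may remain */
            while (plen && p[0] == '*') { p++; plen--; }
            break;
        }
    }
    return plen == 0 && slen == 0;
}

/* Hardened matcher: the same algorithm plus the short-circuit the fix added.
 * Once a '*' has tried the rest of the pattern against every suffix of its string
 * and none matched, an enclosing '*' cannot succeed by consuming more characters
 * (that only hands this '*' a shorter suffix, all of which were just rejected),
 * so a shared flag makes every enclosing '*' give up immediately. */
static int match_fixed_impl(const char *p, size_t plen, const char *s, size_t slen,
                            int *skip_longer)
{
    while (plen) {
        g_steps++;
        switch (p[0]) {
        case '*':
            while (plen > 1 && p[1] == '*') { p++; plen--; }
            if (plen == 1) return 1;
            while (slen) {
                if (match_fixed_impl(p + 1, plen - 1, s, slen, skip_longer)) return 1;
                if (*skip_longer) return 0;                    /* a deeper '*' proved it hopeless */
                s++; slen--;
            }
            *skip_longer = 1;                                  /* nothing after this '*' matches any suffix */
            return 0;
        case '?':
            if (!slen) return 0;
            break;
        default:
            if (!slen || p[0] != s[0]) return 0;
            break;
        }
        p++; plen--; s++; slen--;
        if (!slen) {
            while (plen && p[0] == '*') { p++; plen--; }
            break;
        }
    }
    return plen == 0 && slen == 0;
}

int glob_vulnerable(const char *pat, const char *str)
{
    g_steps = 0;
    return match_vulnerable(pat, strlen(pat), str, strlen(str));
}

int glob_fixed(const char *pat, const char *str)
{
    int skip_longer = 0;
    g_steps = 0;
    return match_fixed_impl(pat, strlen(pat), str, strlen(str), &skip_longer);
}

unsigned long long glob_steps(void) { return g_steps; }

int main(void)
{
    /* Constructed input: a pattern with nine '*' that can never match (no 'b' in the
     * key), against a key of 24 'a's; the kind of MATCH argument an authenticated
     * client could hand to SCAN or KEYS. */
    const char *pat = "*a*a*a*a*a*a*a*a*b";
    const char *key = "aaaaaaaaaaaaaaaaaaaaaaaa";
    int r1 = glob_vulnerable(pat, key);
    printf("vulnerable: match=%d steps=%llu\n", r1, glob_steps());
    int r2 = glob_fixed(pat, key);
    printf("fixed:      match=%d steps=%llu\n", r2, glob_steps());
    return 0;
}
```

Both matchers agree on every result; only the work differs. The vulnerable form spends on the order of a million steps rejecting the 18-byte pattern above against a 24-byte key, and each extra '*' or each extra byte of key multiplies that, while the hardened form rejects it in a few dozen steps. Real keys and patterns are bounded only by client input, which is why a single authenticated command was enough to pin the server.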
Recommendations

Update to Redis version 6.0.18 or later for versions prior to 6.0.18.
Update to Redis version 6.2.11 or later for versions prior to 6.2.11.
Update to Redis version 7.0.9 or later for versions prior to 7.0.9.

Where an instance cannot be patched immediately, limit who can run pattern matching commands rather than trying to filter patterns: use Redis ACLs to deny KEYS and the SCAN family to untrusted users (for example ACL SETUSER <user> -keys -scan -sscan -hscan -zscan, where <user> is the affected account), or disable the commands outright with rename-command in the configuration, and do not expose the instance to clients that are not fully trusted. The server cannot tell a malicious pattern from a harmless one before it evaluates it, so restricting the commands themselves is the only effective workaround.

Exploit

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:0595
ALSA-2025_16880
ALT-PU-2023-4982
ALT-PU-2023-5229
ALT-PU-2023-5230
ALT-PU-2023-5487
ALT-PU-2025-11673
ALT-PU-2025-13204
AZL-13830
BDU:2023-01308
BIT-KEYDB-2022-36021
BIT-REDIS-2022-36021
BIT-VALKEY-2022-36021
CESA-2025_0595
CVE-2022-36021
DLA-3361-1
DLA-3885-1
GHSA-JR7J-RFJ5-8XQV
INFSA-2025_0595
MGASA-2023-0086
OESA-2023-1184
OPENSUSE-SU-2023_2925-1
OPENSUSE-SU-2024:12743-1
RHSA-2025:0595
RLSA-2025:0595
ROSA-SA-2023-2174
SUSE-SU-2023:0693-1
SUSE-SU-2023:0694-1
SUSE-SU-2023:2122-1
SUSE-SU-2023:2925-1
USN-6531-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Redis
Rocky Linux
Suse
Ubuntu