CVE-2022-35977

Source
https://cve.org/CVERecord?id=CVE-2022-35977
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35977.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-35977
Aliases
Downstream
Related
Published
2023-01-20T18:19:27.692Z
Modified
2026-07-10T00:30:48.822621Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Integer overflow in certain command arguments can drive Redis to OOM panic
Details

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35977.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-190"
    ]
}
References

Affected packages

Git / github.com/redis/redis

Affected ranges

Type
GIT
Repo
https://github.com/redis/redis
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.17"
        },
        {
            "introduced": "6.2.0"
        },
        {
            "fixed": "6.2.9"
        },
        {
            "introduced": "7.0.0"
        },
        {
            "fixed": "7.0.8"
        }
    ]
}

Affected versions

6.*
6.0.0
6.0.1
6.0.10
6.0.11
6.0.12
6.0.13
6.0.14
6.0.15
6.0.16
6.0.2
6.0.3
6.0.4
6.0.5
6.0.6
6.0.7
6.0.8
6.0.9
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
7.*
7.0.0
7.0.1
7.0.2
7.0.3
7.0.4
7.0.5
7.0.6
7.0.7

Database specific

vanir_signatures_modified
"2026-07-10T00:30:48Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35977.json"
vanir_signatures
[
    {
        "id": "CVE-2022-35977-3c7c1097",
        "digest": {
            "function_hash": "116971469754088312332483466748933374376",
            "length": 900.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
        "deprecated": false,
        "target": {
            "function": "appendCommand",
            "file": "src/t_string.c"
        }
    },
    {
        "id": "CVE-2022-35977-41b235f1",
        "digest": {
            "function_hash": "82540812152969398714332745819166932468",
            "length": 8263.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
        "deprecated": false,
        "target": {
            "function": "sortCommandGeneric",
            "file": "src/sort.c"
        }
    },
    {
        "id": "CVE-2022-35977-56893ded",
        "digest": {
            "function_hash": "32570897349986556830414094619646893432",
            "length": 239.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
        "deprecated": false,
        "target": {
            "function": "checkStringLength",
            "file": "src/t_string.c"
        }
    },
    {
        "id": "CVE-2022-35977-98932803",
        "digest": {
            "line_hashes": [
                "186433087898035617545730220172496680738",
                "203202165573339978193990582202674487602",
                "275809988698162680246583166226838038027",
                "73578043121461598977650673034568374077"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
        "deprecated": false,
        "target": {
            "file": "src/sort.c"
        }
    },
    {
        "id": "CVE-2022-35977-9ff164f5",
        "digest": {
            "line_hashes": [
                "248180385824619824772464830981375391534",
                "5067477213071492840981082149613366054",
                "241977057241639579814068567037512555282",
                "11990352999479870707193441629836517373",
                "100447336807789972624732637466025117494",
                "327100190278669955728844978483813395719",
                "130387995228581962465477485279535845614",
                "105722549271231642153270839899496344190",
                "294730995467472452864721434981947207124",
                "22245381654923832682850503174443857317",
                "130387995228581962465477485279535845614",
                "243453517739048749692954273661613904305",
                "308503519468359129265766654248724425353",
                "110330893842926084747435436159183528456",
                "51326573103712825352618788220523467272",
                "294796335562077490498565494534997136298",
                "134636369608514298103990068146183492358",
                "38595801910815835602387448741994528733"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
        "deprecated": false,
        "target": {
            "file": "src/t_string.c"
        }
    },
    {
        "id": "CVE-2022-35977-f965c2e0",
        "digest": {
            "function_hash": "68994465711976581911670797757864833457",
            "length": 1288.0
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
        "deprecated": false,
        "target": {
            "function": "setrangeCommand",
            "file": "src/t_string.c"
        }
    }
]