Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/35xxx/CVE-2022-35977.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-190"
]
}{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.17"
},
{
"introduced": "6.2.0"
},
{
"fixed": "6.2.9"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.8"
}
]
}"2026-07-10T00:30:48Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-35977.json"
[
{
"id": "CVE-2022-35977-3c7c1097",
"digest": {
"function_hash": "116971469754088312332483466748933374376",
"length": 900.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"deprecated": false,
"target": {
"function": "appendCommand",
"file": "src/t_string.c"
}
},
{
"id": "CVE-2022-35977-41b235f1",
"digest": {
"function_hash": "82540812152969398714332745819166932468",
"length": 8263.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"deprecated": false,
"target": {
"function": "sortCommandGeneric",
"file": "src/sort.c"
}
},
{
"id": "CVE-2022-35977-56893ded",
"digest": {
"function_hash": "32570897349986556830414094619646893432",
"length": 239.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"deprecated": false,
"target": {
"function": "checkStringLength",
"file": "src/t_string.c"
}
},
{
"id": "CVE-2022-35977-98932803",
"digest": {
"line_hashes": [
"186433087898035617545730220172496680738",
"203202165573339978193990582202674487602",
"275809988698162680246583166226838038027",
"73578043121461598977650673034568374077"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"deprecated": false,
"target": {
"file": "src/sort.c"
}
},
{
"id": "CVE-2022-35977-9ff164f5",
"digest": {
"line_hashes": [
"248180385824619824772464830981375391534",
"5067477213071492840981082149613366054",
"241977057241639579814068567037512555282",
"11990352999479870707193441629836517373",
"100447336807789972624732637466025117494",
"327100190278669955728844978483813395719",
"130387995228581962465477485279535845614",
"105722549271231642153270839899496344190",
"294730995467472452864721434981947207124",
"22245381654923832682850503174443857317",
"130387995228581962465477485279535845614",
"243453517739048749692954273661613904305",
"308503519468359129265766654248724425353",
"110330893842926084747435436159183528456",
"51326573103712825352618788220523467272",
"294796335562077490498565494534997136298",
"134636369608514298103990068146183492358",
"38595801910815835602387448741994528733"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"deprecated": false,
"target": {
"file": "src/t_string.c"
}
},
{
"id": "CVE-2022-35977-f965c2e0",
"digest": {
"function_hash": "68994465711976581911670797757864833457",
"length": 1288.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/redis/redis/commit/1ec82e6e97e1db06a72ca505f9fbf6b981f31ef7",
"deprecated": false,
"target": {
"function": "setrangeCommand",
"file": "src/t_string.c"
}
}
]