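Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, and 7.0.9. The Vanir signatures below (CVE-2022-36021) reference the upstream fix commit and target the `stringmatchlen` function in `src/util.c`, so a match in a source tree suggests the fix has not been applied there.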
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "126464697838505507228666083962779546454", "150412474198474738257319036961167457092", "35374073575678203773399989303306961166", "111634149353755209275426835518613667871", "94232520062590603120052529204803997911", "142664002336838874641599456823725507217", "314198068333033048916605646879667238529", "235428705830044225770427432796456894789", "9750028865141680449935411996214012138", "53458498070622451715640627479229719716", "285867654145245020322252982284148133281", "73512740762000367108698473547362467084", "183999695971907554713422441496994192957", "5157595485982869501254520368800120422", "173020804748077245807074834168018712431", "302128118842853102311713414874765200528", "32658260615270067165067781859838400334" ], "threshold": 0.9 }, "target": { "file": "src/util.c" }, "signature_version": "v1", "signature_type": "Line", "id": "CVE-2022-36021-1aa54db8", "source": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84", "deprecated": false }, { "digest": { "length": 1840.0, "function_hash": "164722953920992462798870227519663273173" }, "target": { "function": "stringmatchlen", "file": "src/util.c" }, "signature_version": "v1", "signature_type": "Function", "id": "CVE-2022-36021-2429f3b2", "source": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84", "deprecated": false } ] }