Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-31144

Redis is an in-memory database that persists on disk. A specially crafted XAUTOCLAIM command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

  • Published: Jul 19, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-31144
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
redis / redis 7.0 7.0.4