CVE-2022-35951
Published: 23 September 2022
Summary
CVE-2022-35951 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Redis. Its CVSS base score is 7.0 (High).
Operationally, it is ranked in the top 4.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Redis versions 7.0.0 through 7.0.4 contain an integer overflow vulnerability in the XAUTOCLAIM command when executed against a stream key in a specific state using a crafted COUNT argument. The flaw, tracked as CWE-190, produces a subsequent heap overflow that can result in remote code execution. The issue was assigned a CVSS 3.1 score of 7.0 reflecting local attack vector, high complexity, and high impact on confidentiality, integrity, and availability.
An authenticated local attacker who can execute Redis commands can trigger the overflow to corrupt heap memory and potentially gain arbitrary code execution in the Redis process. No user interaction is required, though the attack complexity is rated high because the target stream must be in a particular state.
Official advisories from the Redis project and downstream distributions such as Fedora and Gentoo state that the vulnerability is resolved in version 7.0.5; the project reports no known workarounds. NetApp has also published an advisory confirming the affected status of certain products and directing customers to the upstream fix.
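As an added example (not code from the Redis project or the advisories cited here), the affected range stated above can be checked against `INFO server` output collected from a fleet. The host names and INFO text are constructed, and the function names are hypothetical.

```python
# Added example: triage Redis servers against the range stated on this page
# (affected 7.0.0 through 7.0.4, fixed in 7.0.5).
# Caveat: a version string cannot show whether a distribution backported the fix.
import re

AFFECTED_MIN = (7, 0, 0)  # first affected release, per the text above
FIXED = (7, 0, 5)         # first fixed release, per the text above

def parse_redis_version(info_text):
    """Return redis_version from `INFO server` output as an int tuple, or None."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", info_text, re.MULTILINE)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(info_text):
    """Classify one server as 'affected', 'not-affected' or 'unknown'."""
    version = parse_redis_version(info_text)
    if version is None:
        # No version line (for example an auth error): needs manual follow-up.
        return "unknown"
    return "affected" if AFFECTED_MIN <= version < FIXED else "not-affected"

def triage(fleet):
    """Return (host, status) pairs, affected first, then unknown, then the rest."""
    order = {"affected": 0, "unknown": 1, "not-affected": 2}
    results = [(host, classify(info)) for host, info in fleet.items()]
    return sorted(results, key=lambda r: (order[r[1]], r[0]))

# Constructed sample input; Redis terminates INFO lines with CRLF.
SAMPLE_FLEET = {
    "cache-a.example": "# Server\r\nredis_version:7.0.4\r\nredis_mode:standalone\r\n",
    "cache-b.example": "# Server\r\nredis_version:7.0.5\r\nredis_mode:standalone\r\n",
    "cache-c.example": "# Server\r\nredis_version:6.2.7\r\nredis_mode:cluster\r\n",
    "cache-d.example": "-NOAUTH Authentication required.\r\n",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_FLEET):
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` returned no version line and should be checked by hand rather than assumed safe.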
EPSS for the CVE rose from a low baseline after disclosure to a peak of 0.7885 on 2025-12-11 before receding to the current value of 0.1865, indicating that exploitation interest increased substantially post-release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-38797
Vulnerability details
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.