Cyber Resilience

CVE-2022-35951

High

Published: 23 September 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: available (fixed in 7.0.5)
CVSS Score v3.1: 7.0 (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1865 (95.4th percentile)
Risk Priority: 25 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-35951 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Redis. Its CVSS base score is 7.0 (High).

Operationally, it ranks in the top 4.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

Redis versions 7.0.0 through 7.0.4 contain an integer overflow in the XAUTOCLAIM command when it is executed against a stream key in a specific state with a crafted COUNT argument. The flaw, classified as CWE-190, leads to a subsequent heap overflow that can result in remote code execution. The issue was assigned a CVSS 3.1 score of 7.0, reflecting a local attack vector, high attack complexity, and high impact on confidentiality, integrity, and availability.

An authenticated local attacker who can execute Redis commands can trigger the overflow to corrupt heap memory and potentially gain arbitrary code execution in the Redis process. No user interaction is required, but the attack complexity is rated high because the target stream must be in a particular state.

Official advisories from the Redis project and downstream distributions such as Fedora and Gentoo state that the vulnerability is resolved in version 7.0.5; the project reports no known workarounds. NetApp has also published an advisory confirming the affected status of certain products and directing customers to the upstream fix.
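Because the only fix is the upstream upgrade, the practical check for a defender is whether a given Redis instance falls inside the affected range (7.0.0 up to but not including 7.0.5). The following is an added example, not code from the Redis project or from this advisory: it parses the version string from either `INFO server` output (`redis_version:` line) or `redis-server --version` output and compares it against the range stated above. The sample outputs embedded in it are constructed, not captured from a real host.

```python
import re
from typing import Optional, Tuple

# Affected range as stated in the advisory: 7.0.0 <= version < 7.0.5 (fixed in 7.0.5).
AFFECTED_MIN = (7, 0, 0)
FIXED_IN = (7, 0, 5)

# Matches "redis_version:7.0.3" (INFO server) or "Redis server v=7.0.3" (--version).
_VERSION_RE = re.compile(r"(?:redis_version:|Redis server v=)(\d+)\.(\d+)\.(\d+)")


def parse_redis_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) found in INFO or --version output, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: Tuple[int, int, int]) -> bool:
    """Tuple comparison gives correct numeric ordering (7.0.10 > 7.0.5, unlike string compare)."""
    return AFFECTED_MIN <= version < FIXED_IN


def assess(text: str) -> dict:
    """Produce a small verdict record suitable for an inventory or ticketing system."""
    version = parse_redis_version(text)
    if version is None:
        return {"version": None, "affected": None, "verdict": "version not found in input"}
    affected = is_affected(version)
    return {
        "version": ".".join(str(n) for n in version),
        "affected": affected,
        "verdict": "CVE-2022-35951: upgrade to 7.0.5 or later" if affected else "not in affected range",
    }


# Constructed sample outputs (hypothetical hosts, not real captures).
SAMPLE_INFO = """# Server
redis_version:7.0.3
redis_git_sha1:00000000
redis_mode:standalone
"""
SAMPLE_CLI_FIXED = "Redis server v=7.0.5 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=0"
SAMPLE_CLI_OLD = "Redis server v=6.2.7 sha=00000000:0 malloc=jemalloc-5.2.1 bits=64 build=0"

if __name__ == "__main__":
    for sample in (SAMPLE_INFO, SAMPLE_CLI_FIXED, SAMPLE_CLI_OLD):
        print(assess(sample))
```

Feed it the output of `redis-cli INFO server` collected from each instance; the tuple comparison avoids the classic mistake of comparing versions as strings, which would misorder a hypothetical 7.0.10 against 7.0.5.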

The EPSS score for this CVE rose from a low baseline after disclosure to a peak of 0.7885 on 2025-12-11 before receding to the current value of 0.1865, indicating that exploitation interest increased substantially after release.

EU & UK References

Vulnerability details

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5, are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument, may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: redis, Product: redis, Versions: 7.0.0 — 7.0.5
Vendor: fedoraproject, Product: fedora, Version: 37

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References