Bugzilla – Bug 1203638
VUL-0: CVE-2022-35951: redis: Fix heap overflow vulnerability in XAUTOCLAIM
Last modified: 2022-09-22 08:03:36 UTC
In Redis before 7.0.5, executing a XAUTOCLAIM command on a stream key in a specific state, with a specially crafted COUNT argument, may cause an integer overflow a subsequent heap overflow, and potentially lead to remote code execution.
Affects Redis 7.0.0 or newer, fixed in 7.0.5.
Danilo, recommend you add Michael as a maintainer
(In reply to Andreas Stieger from comment #1)
> Danilo, recommend you add Michael as a maintainer
Nope. I don't want that.
Thanks for the report Andreas.
The integer overflow was introduced in 7.0-rc2, therefore none of the SUSE codestream is affected.