{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-36021", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2022-07-15T23:52:24.301Z", "datePublished": "2023-03-01T15:46:23.567Z", "dateUpdated": "2024-08-03T09:51:59.947Z"}, "containers": {"cna": {"title": "Redis string pattern matching can be abused to achieve Denial of Service", "problemTypes": [{"descriptions": [{"cweId": "CWE-407", "lang": "en", "description": "CWE-407: Inefficient Algorithmic Complexity", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv"}, {"name": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": "< 6.0.18", "status": "affected"}, {"version": ">= 6.2.0, < 6.2.11", "status": "affected"}, {"version": ">= 7.0.0, < 7.0.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-03-01T15:46:23.567Z"}, "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.\n"}], "source": {"advisory": "GHSA-jr7j-rfj5-8xqv", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:59.947Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv"}, {"name": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F70AB47-0452-4438-87FC-6CBD440815EF", "versionEndExcluding": "6.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "F953DA13-66E1-4983-9744-F861931E8628", "versionEndExcluding": "6.2.11", "versionStartIncluding": "6.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB0A4E48-9EF2-4F32-B72C-7F243EC31DB2", "versionEndExcluding": "7.0.9", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.\n"}], "id": "CVE-2022-36021", "lastModified": "2024-11-21T07:12:12.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-01T16:15:09.400", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-407"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-407"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0595", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "redis:6-8100020250113083959.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-22T00:00:00Z"}], "bugzilla": {"description": "redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow", "id": "2174305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174305"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-407", "details": ["Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.", "A vulnerability was found in Redis. This flaw allows an authenticated to use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU time."], "name": "CVE-2022-36021", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "redis", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "redis", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-redis6-redis", "product_name": "Red Hat Software Collections"}], "public_date": "2023-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-36021\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36021\nhttps://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84\nhttps://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv"], "threat_severity": "Moderate"}