Vulnerabilities > CVE-2022-36021 - Algorithmic Complexity vulnerability in Redis

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

redis

CWE-407

NVD

Published: 2023-03-01

Updated: 2023-11-07

Summary

Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.

Vulnerable Configurations

Part	Description	Count
Application	Redis Redis Redis 7.0.0 Redis Redis 7.0.1 Redis Redis 7.0.2 Redis Redis 7.0.3 Redis Redis 7.0.4 Redis Redis 7.0.5 Redis Redis 7.0.6 Redis Redis 7.0.7 Redis Redis 7.0.8 Redis Redis 6.2.0 Redis Redis 6.2.1 Redis Redis 6.2.2 Redis Redis 6.2.3 Redis Redis 6.2.4 Redis Redis 6.2.5 Redis Redis 6.2.6 Redis Redis 6.2.7 Redis Redis 6.2.8 Redis Redis 6.2.9 Redis Redis - Redis Redis 1.3.6 Redis Redis 2.0.0 Redis Redis 2.0.1 Redis Redis 2.0.2 Redis Redis 2.0.3 Redis Redis 2.0.4 Redis Redis 2.0.5 Redis Redis 2.2.0 Redis Redis 2.2.1 Redis Redis 2.2.2 Redis Redis 2.2.3 Redis Redis 2.2.4 Redis Redis 2.2.5 Redis Redis 2.2.6 Redis Redis 2.2.7 Redis Redis 2.2.8 Redis Redis 2.2.9 Redis Redis 2.2.10 Redis Redis 2.2.11 Redis Redis 2.2.12 Redis Redis 2.2.13 Redis Redis 2.2.14 Redis Redis 2.2.15 Redis Redis 2.4.0 Redis Redis 2.4.1 Redis Redis 2.4.2 Redis Redis 2.4.3 Redis Redis 2.4.4 Redis Redis 2.4.5 Redis Redis 2.4.6 Redis Redis 2.4.7 Redis Redis 2.4.8 Redis Redis 2.4.9 Redis Redis 2.4.10 Redis Redis 2.4.11 Redis Redis 2.4.12 Redis Redis 2.4.13 Redis Redis 2.4.14 Redis Redis 2.4.15 Redis Redis 2.4.16 Redis Redis 2.4.17 Redis Redis 2.4.18 Redis Redis 2.6.0 Redis Redis 2.6.1 Redis Redis 2.6.2 Redis Redis 2.6.3 Redis Redis 2.6.4 Redis Redis 2.6.5 Redis Redis 2.6.6 Redis Redis 2.6.7 Redis Redis 2.6.8 Redis Redis 2.6.9 Redis Redis 2.6.10 Redis Redis 2.6.11 Redis Redis 2.6.12 Redis Redis 2.6.13 Redis Redis 2.6.14 Redis Redis 2.6.15 Redis Redis 2.6.16 Redis Redis 2.6.17 Redis Redis 2.8.0 Redis Redis 2.8.1 Redis Redis 2.8.2 Redis Redis 2.8.3 Redis Redis 2.8.4 Redis Redis 2.8.5 Redis Redis 2.8.6 Redis Redis 2.8.7 Redis Redis 2.8.8 Redis Redis 2.8.9 Redis Redis 2.8.10 Redis Redis 2.8.11 Redis Redis 2.8.12 Redis Redis 2.8.13 Redis Redis 2.8.14 Redis Redis 2.8.15 Redis Redis 2.8.16 Redis Redis 2.8.17 Redis Redis 2.8.18 Redis Redis 2.8.19 Redis Redis 2.8.20 Redis Redis 2.8.21 Redis Redis 2.8.22 Redis Redis 2.8.23 Redis Redis 2.8.24 Redis Redis 3.0.0 Redis Redis 3.0.1 Redis Redis 3.0.2 Redis Redis 3.0.3 Redis Redis 3.0.4 Redis Redis 3.0.5 Redis Redis 3.0.6 Redis Redis 3.0.7 Redis Redis 3.2.0 Redis Redis 3.2.1 Redis Redis 3.2.2 Redis Redis 3.2.3 Redis Redis 3.2.4 Redis Redis 3.2.5 Redis Redis 3.2.6 Redis Redis 3.2.7 Redis Redis 3.2.8 Redis Redis 3.2.9 Redis Redis 3.2.10 Redis Redis 3.2.11 Redis Redis 3.2.12 Redis Redis 3.2.13 Redis Redis 4.0.0 Redis Redis 4.0.1 Redis Redis 4.0.2 Redis Redis 4.0.3 Redis Redis 4.0.4 Redis Redis 4.0.5 Redis Redis 4.0.6 Redis Redis 4.0.7 Redis Redis 4.0.8 Redis Redis 4.0.9 Redis Redis 4.0.10 Redis Redis 4.0.11 Redis Redis 4.0.12 Redis Redis 4.0.13 Redis Redis 4.0.14 Redis Redis 5.0.0 Redis Redis 5.0.1 Redis Redis 5.0.2 Redis Redis 5.0.3 Redis Redis 5.0.4 Redis Redis 5.0.5 Redis Redis 5.0.6 Redis Redis 5.0.7 Redis Redis 5.0.8 Redis Redis 5.0.9 Redis Redis 5.0.10 Redis Redis 5.0.11 Redis Redis 5.0.12 Redis Redis 5.0.13 Redis Redis 5.0.14 Redis Redis 6.0.0 Redis Redis 6.0.1 Redis Redis 6.0.2 Redis Redis 6.0.3 Redis Redis 6.0.4 Redis Redis 6.0.5 Redis Redis 6.0.6 Redis Redis 6.0.7 Redis Redis 6.0.8 Redis Redis 6.0.9 Redis Redis 6.0.10 Redis Redis 6.0.11 Redis Redis 6.0.12 Redis Redis 6.0.13 Redis Redis 6.0.14 Redis Redis 6.0.15 Redis Redis 6.0.16 Redis Redis 6.0.17	175

Common Weakness Enumeration (CWE)

CWE-407 - Algorithmic Complexity

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References