CVE-2022-3647: Redis Crash Report debug.c sigsegvHandler denial of service

CVSS 3.1 · Low · EPSS 0.32% · P55

I. Basic Information for CVE-2022-3647

Vulnerability Information

Vulnerability Title
Redis Crash Report debug.c sigsegvHandler denial of service
Source: NVD (National Vulnerability Database)
Vulnerability Description
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Resource Shutdown or Release
Source: NVD (National Vulnerability Database)
Vulnerability Title
Redis security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
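Redis Labs Redis is an open-source, log-type key-value database from the US company Redis Labs; it is written in ANSI C, supports networking, can run in memory or with persistence, and provides APIs for multiple languages. Redis contains a security vulnerability. An attacker can exploit this vulnerability to cause a denial of service.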
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor · Product · Affected Versions · CPE
-Redis 6.2.0 -

II. Public POCs for CVE-2022-3647

No public POC found.

III. Intelligence Information for CVE-2022-3647

Same Patch Batch · n/a · 2022-10-21 · 21 CVEs total

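CVE-2022-42935: Autodesk Design Review buffer error vulnerability
CVE-2022-42944: Autodesk Design Review buffer error vulnerability
CVE-2022-42943: Autodesk Design Review buffer error vulnerability
CVE-2022-42942: Autodesk Design Review buffer error vulnerability
CVE-2022-42941: Autodesk Design Review buffer error vulnerability
CVE-2022-42940: Autodesk Design Review buffer error vulnerability
CVE-2022-42939: Autodesk Design Review buffer error vulnerability
CVE-2022-42938: Autodesk Design Review buffer error vulnerability
CVE-2022-42937: Autodesk Design Review buffer error vulnerability
CVE-2022-42936: Autodesk Design Review buffer error vulnerability
CVE-2022-36122: Automox security vulnerability
CVE-2022-42934: Autodesk Design Review buffer error vulnerability
CVE-2022-42933: Autodesk Design Review buffer error vulnerability
CVE-2022-42206: Hospital Management System cross-site scripting vulnerability
CVE-2022-42205: Hospital Management System cross-site scripting vulnerability
CVE-2022-42189: Emlog code issue vulnerability
CVE-2022-41575: Gradle security vulnerability
CVE-2022-41310: Autodesk Design Review buffer error vulnerability
CVE-2022-41309: Autodesk Design Review buffer error vulnerability
CVE-2022-37454: XKCP input validation error vulnerability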
