Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Redis by unspecified
CVE-2022-3734 (GCVE-0-2022-3734)
Vulnerability from nvd – Published: 2022-10-28 00:00 – Updated: 2024-08-03 01:20 Disputed
VLAI
Title
Redis on Windows dbghelp.dll uncontrolled search path
Summary
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
Severity
6.3 (Medium)
CWE
- CWE-426 - Untrusted Search Path -> CWE-427 Uncontrolled Search Path
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Redis |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cnblogs.com/J0o1ey/p/16829380.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.212416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redis",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path -\u003e CWE-427 Uncontrolled Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://www.cnblogs.com/J0o1ey/p/16829380.html"
},
{
"url": "https://vuldb.com/?id.212416"
}
],
"tags": [
"disputed"
],
"title": "Redis on Windows dbghelp.dll uncontrolled search path",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3734",
"datePublished": "2022-10-28T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:20:57.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3647 (GCVE-0-2022-3647)
Vulnerability from nvd – Published: 2022-10-21 00:00 – Updated: 2025-04-15 13:24 Disputed
VLAI
Title
Redis Crash Report debug.c sigsegvHandler denial of service
Summary
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.211962 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.211962 | signaturepermissions-required |
| https://github.com/redis/redis/commit/0bf90d94431… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.211962"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.211962"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3647",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:59:14.740801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:24:41.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Crash Report"
],
"product": "Redis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "arkamar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Redis bis 6.2.7/7.0.5 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion sigsegvHandler der Datei debug.c der Komponente Crash Report. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Ein Aktualisieren auf die Version 6.2.8 and 7.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0bf90d944313919eb8e63d3588bf63a367f020a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:30:49.145Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.211962"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.211962"
},
{
"tags": [
"patch"
],
"url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2022-10-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-10-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-10-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-02-06T10:30:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Redis Crash Report debug.c sigsegvHandler denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3647",
"datePublished": "2022-10-21T00:00:00.000Z",
"dateReserved": "2022-10-21T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:24:41.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3734 (GCVE-0-2022-3734)
Vulnerability from cvelistv5 – Published: 2022-10-28 00:00 – Updated: 2024-08-03 01:20 Disputed
VLAI
Title
Redis on Windows dbghelp.dll uncontrolled search path
Summary
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
Severity
6.3 (Medium)
CWE
- CWE-426 - Untrusted Search Path -> CWE-427 Uncontrolled Search Path
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| unspecified | Redis |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cnblogs.com/J0o1ey/p/16829380.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.212416"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Redis",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path -\u003e CWE-427 Uncontrolled Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-29T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://www.cnblogs.com/J0o1ey/p/16829380.html"
},
{
"url": "https://vuldb.com/?id.212416"
}
],
"tags": [
"disputed"
],
"title": "Redis on Windows dbghelp.dll uncontrolled search path",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3734",
"datePublished": "2022-10-28T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T01:20:57.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3647 (GCVE-0-2022-3647)
Vulnerability from cvelistv5 – Published: 2022-10-21 00:00 – Updated: 2025-04-15 13:24 Disputed
VLAI
Title
Redis Crash Report debug.c sigsegvHandler denial of service
Summary
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-404 - Denial of Service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.211962 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.211962 | signaturepermissions-required |
| https://github.com/redis/redis/commit/0bf90d94431… | patch |
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:03.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.211962"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.211962"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3647",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:59:14.740801Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:24:41.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Crash Report"
],
"product": "Redis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "6.2.0"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.2"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.4"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.6"
},
{
"status": "affected",
"version": "6.2.7"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "arkamar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Redis bis 6.2.7/7.0.5 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion sigsegvHandler der Datei debug.c der Komponente Crash Report. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig auszunutzen. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt. Ein Aktualisieren auf die Version 6.2.8 and 7.0.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0bf90d944313919eb8e63d3588bf63a367f020a3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "CWE-404 Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-06T09:30:49.145Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.211962"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.211962"
},
{
"tags": [
"patch"
],
"url": "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2022-10-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2022-10-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2022-10-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-02-06T10:30:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Redis Crash Report debug.c sigsegvHandler denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3647",
"datePublished": "2022-10-21T00:00:00.000Z",
"dateReserved": "2022-10-21T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:24:41.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}