CVE-2022-3647 : ** DISPUTED ** A vulnerability, which was classified as problematic, was found i

** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.

Published 2022-10-21 18:15:10

Updated 2024-08-03 02:15:40

Source VulDB

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2022-3647

Redis » Redis
Versions before (<) 6.2.8
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Matching versions
Redis » Redis
Versions from including (>=) 7.0.0 and before (<) 7.0.6
cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2022-3647

Top countries where our scanners detected CVE-2022-3647

Top open port discovered on systems with this issue 6379

IPs affected by CVE-2022-3647 38,309

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2022-3647!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2022-3647

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-3647

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.8	LOW	AV:A/AC:H/Au:N/C:N/I:N/A:P	3.2	2.9	VulDB	2024-02-06
Access Vector: Adjacent Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.1	LOW	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L	1.6	1.4	VulDB
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	1.8	1.4	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE ids for CVE-2022-3647

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2022-3647

https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3

Avoid crash on crash report when a bad function pointer was called (#… · redis/redis@0bf90d9 · GitHub
Exploit;Patch;Third Party Advisory
https://vuldb.com/?id.211962

CVE-2022-3647 | Redis Crash Report debug.c sigsegvHandler denial of service
Third Party Advisory;VDB Entry
https://vuldb.com/?ctiid.211962

CVE-2022-3647: Redis Crash Report debug.c sigsegvHandler denial of service [Disputed]
Permissions Required;Third Party Advisory;VDB Entry