{
  "threat_severity" : "Moderate",
  "public_date" : "2023-02-28T00:00:00Z",
  "bugzilla" : {
    "description" : "redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow",
    "id" : "2174305",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2174305"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190->CWE-407",
  "details" : [ "Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9.", "A vulnerability was found in Redis. This flaw allows an authenticated to use string matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial of service attack on Redis, causing it to hang and consume 100% of CPU time." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-01-22T00:00:00Z",
    "advisory" : "RHSA-2025:0595",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "redis:6-8100020250113083959.489197e6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "redis",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Out of support scope",
    "package_name" : "redis",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-redis6-redis",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-36021\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36021\nhttps://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84\nhttps://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv" ],
  "name" : "CVE-2022-36021",
  "csaw" : false
}