Bug 2137209 (CVE-2022-3647) - CVE-2022-3647 redis: crash in sigsegvHandler debug function
Summary: CVE-2022-3647 redis: crash in sigsegvHandler debug function
Keywords:
Status: NEW
Alias: CVE-2022-3647
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2143619 2137210 2137211 2137212 2137213 2137340 2137341
Blocks: 2137112
Reported: 2022-10-24 07:45 UTC by Borja Tarraso
Modified: 2024-02-16 19:27 UTC

Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Redis when calling the sigsegvHandler function of the debug component's crash report. This issue causes a crash that ignores the report information and kills the processes, which leads to a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Borja Tarraso 2022-10-24 07:45:45 UTC
A vulnerability, which was classified as problematic, was found in Redis. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The name of the patch is 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability.

Comment 1 Borja Tarraso 2022-10-24 07:46:18 UTC
Created redis tracking bugs for this issue:

Affects: epel-7 [bug 2137210]
Affects: fedora-all [bug 2137211]

