CVE-2022-3734
Last modified
CVE-2022-3734 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A vulnerability was found in a port or fork of Redis. It has been declared as critical. EPSS estimates a 0.59% chance of exploitation in the next 30 days.
Description
A vulnerability was found in a port or fork of Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:/Program Files/Redis/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of this vulnerability is VDB-212416. NOTE: The official Redis release is not affected. This issue might affect an unofficial fork or port on Windows only.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redis | Redis | All versions |
References
- https://vuldb.com/?id.212416Permissions Required, Third Party Advisory
- https://www.cnblogs.com/J0o1ey/p/16829380.htmlPermissions Required, Third Party Advisory
- https://vuldb.com/?id.212416Permissions Required, Third Party Advisory
- https://www.cnblogs.com/J0o1ey/p/16829380.htmlPermissions Required, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-3734?
How severe is CVE-2022-3734?
How do I fix CVE-2022-3734?
Are you affected by CVE-2022-3734?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST