{"id":"CVE-2022-3647","details":"** DISPUTED ** A vulnerability, which was classified as problematic, was found in Redis up to 6.2.7/7.0.5. Affected is the function sigsegvHandler of the file debug.c of the component Crash Report. The manipulation leads to denial of service. The complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. Upgrading to version 6.2.8 and 7.0.6 is able to address this issue. The patch is identified as 0bf90d944313919eb8e63d3588bf63a367f020a3. It is recommended to apply a patch to fix this issue. VDB-211962 is the identifier assigned to this vulnerability. NOTE: The vendor claims that this is not a DoS because it applies to the crash logging mechanism which is triggered after a crash has occurred.","aliases":["BIT-keydb-2022-3647","BIT-redis-2022-3647","BIT-valkey-2022-3647"],"modified":"2026-04-11T23:42:01.214504Z","published":"2022-10-21T18:15:10.183Z","related":["CGA-j87x-pv56-8cqq","SUSE-SU-2022:4168-1","SUSE-SU-2022:4169-1","openSUSE-SU-2024:12468-1"],"references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.211962"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.211962"},{"type":"FIX","url":"https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"0"},{"fixed":"423c78f4fa1523197b1030475bc2bee056ac1309"},{"introduced":"d375595d5e3ae2e5c29e6c00a2dc3d60578fd9fc"},{"fixed":"c0924a8361281cc71a74a0dcf53960ee51d78455"},{"fixed":"0bf90d944313919eb8e63d3588bf63a367f020a3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.2.8"},{"introduced":"7.0.0"},{"fixed":"7.0.6"}]}}],"versions":["1.3.6","2.2-alpha0","2.2-alpha1","2.2-alpha2","2.2-alpha3","2.2-alpha4","2.2-alpha5","2.2-alpha6","2.2.0-rc1","2.3-alpha0","6.2-rc1","6.2-rc2","6.2-rc3","6.2.0","6.2.1","6.2.2","6.2.3","6.2.4","6.2.5","6.2.6","6.2.7","7.0.0","7.0.1","7.0.2","7.0.3","7.0.4","7.0.5","v1.3.10","v1.3.11","v1.3.7","v1.3.8","v1.3.9","v2.0.0-rc1","v2.1.1-watch","vm-playpen"],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"length":441,"function_hash":"210015020685415630896762025585596103580"},"id":"CVE-2022-3647-112c64e7","target":{"function":"watchdogSignalHandler","file":"src/debug.c"},"source":"https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3","signature_type":"Function","deprecated":false},{"signature_version":"v1","digest":{"line_hashes":["125199183663522286183110685364425084528","240134876764743336796492355373468475598","151442725386573032328058880146315980765","70887686621568448199757418625969223851","159433737591705640380983121509517214805","99214821734321066044634766690401539672","336939824272693440603287248681414110273","264106142673394772445649974467390821574","194499629950286463780870291872087987829","98917798553546872256311334130464809873","89496349629360282942510588597095275666","156847220522005228218005165932475101381","78745651507431652794460859017693843398","282317185318237556990371900905024362252","270041966988879547815228352414232652050","215613342631922840722695521336356185428","117004681868532725816036758954638963637","98917798553546872256311334130464809873","137556173526779279716049051590108009314","322498891338560971765975543526407180046","222327717770943925128663671897540260125","178166755421363730958786412849412263145","245974618798261078501579865073330658432","244633315158013149406870214684196843619","271064083238182358399508573951963267793","91962416890634328936155448391962135967","249814579166790539327879824093880487641","131898852810309585878212082280353996182","199132917756532262015975422040958526016","291477190740769817464322933308554795717","269454987183942483124961857704032223789","264163473427487903904499996668655604335","189238426234730694714928590307270501491","161117054153999153923144698988708605253","283660349050095070730508365867882323429","230362210861926887461889883350866717836","272513892293487143577530054766116610485","204892074706307582700487292280379152467","237168579805711901365502681571442970256","337035157366946892123445259154845874547","149076952619576010735712835145637759210","58959829995265368591538823382650742059","284134007010098371780213721819680864066","226497388278297968597848181111841278266","50028399420648578750191485029321021137","129447741877903948024507576056660296761","128578087581252819207174310719333469090","175288694030684297583706920937956402098","35782146601185620832389730793732121579","296650932713505818610148963499279015196","1904102272459599052028495350710939099","184346695100977541784706616805383027746","11738445745272513613492292979713505057","12123272397736002172475455658448341070","319030372747795029739559839832258586787","270999107406263574338145198520523646125","197068873363893018112832894959858748358","96754676778290157392993206661984155926","284066322399563837595463265755703785967","205075484669615089918902755264303026418","49964958118044949987300187485513887405","55091662515547688433730592934432040260","58959829995265368591538823382650742059","331734508969332822325244078587068500052","30044100684124268452303085568514779040","265237687061628947004419030057487680420","236989670316446279729545520100814464854","84393526027923097745066654269158637700","2755196833804476455885345879262767712","109200473934418800592328873377370969858","68205031767228308638483655051997712310","110799629961889679169740661999710082171","163838184404947015783278144430164318052","168727024169599365813301374983802252058","263740482781233496337243070378245109443","187972261297474336928322495930257767923","337968945059866065911518687776696941576","81129594417850072974989305941010668400","179472014131892784758995701872343522190"],"threshold":0.9},"id":"CVE-2022-3647-76d6a025","target":{"file":"src/debug.c"},"source":"https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3","signature_type":"Line","deprecated":false},{"signature_version":"v1","digest":{"length":80,"function_hash":"67955424514005580958484976880433966415"},"id":"CVE-2022-3647-8a652a48","target":{"function":"getMcontextEip","file":"src/debug.c"},"source":"https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3","signature_type":"Function","deprecated":false},{"signature_version":"v1","digest":{"length":899,"function_hash":"268361595815424809980535498494661636657"},"id":"CVE-2022-3647-f3634cd9","target":{"function":"sigsegvHandler","file":"src/debug.c"},"source":"https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3","signature_type":"Function","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3647.json","vanir_signatures_modified":"2026-04-11T23:42:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}