Vulnerability in Redis potentially allowing code execution

Redis 7.0.5, a corrective release of the DBMS, has been published. It fixes a vulnerability (CVE-2022-35951) that could allow an attacker to execute their own code with the privileges of the Redis process. The problem affects only the 7.x branch, and an attack requires access to execute queries.

The vulnerability is caused by an integer overflow that occurs when an incorrect value is specified for the COUNT parameter of the XAUTOCLAIM command. When stream keys are in a certain state, the integer overflow can be used to write to a region outside the memory allocated on the heap.
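The bug class described above, shown as an added illustration that is not Redis source code: a caller-supplied count multiplied into an allocation size without a range check, next to a checked version. The `entry_id` type and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical 16-byte entry ID; stands in for whatever a command collects. */
typedef struct { uint64_t ms; uint64_t seq; } entry_id;

/* Unsafe pattern: the byte count wraps around for a large enough count,
 * so the buffer ends up far smaller than the number of entries written. */
size_t unsafe_alloc_size(long long count) {
    return (size_t)count * sizeof(entry_id);
}

/* Hardened pattern: reject counts that are non-positive or whose byte
 * size does not fit in size_t. Returns 0 on success, -1 on rejection. */
int checked_alloc_size(long long count, size_t *bytes) {
    if (count < 1) return -1;
    if ((unsigned long long)count > SIZE_MAX / sizeof(entry_id)) return -1;
    *bytes = (size_t)count * sizeof(entry_id);
    return 0;
}

/* Allocate room for `count` IDs, or return NULL if count is rejected. */
entry_id *alloc_ids(long long count) {
    size_t bytes;
    if (checked_alloc_size(count, &bytes) != 0) return NULL;
    return malloc(bytes);
}

int main(void) {
    /* Constructed input: a count whose byte size wraps around to 16. */
    long long count = (long long)(SIZE_MAX / sizeof(entry_id)) + 2;
    size_t bytes = 0;
    printf("count=%lld unsafe_bytes=%zu\n", count, unsafe_alloc_size(count));
    printf("checked=%d\n", checked_alloc_size(count, &bytes));
    return 0;
}
```

The unchecked size for the constructed count is 16 bytes, which is why a loop that trusts the original count would write past the end of the heap buffer; the checked version rejects the count before any allocation happens.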
