CVE-2022-35951: CWE-190: Integer Overflow or Wraparound in redis redis

Medium
Published: Fri Sep 23 2022 (09/23/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: redis
Product: redis

Description

Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.

AI-Powered Analysis

Last updated: 06/22/2025, 18:34:59 UTC

Technical Analysis

CVE-2022-35951 is a vulnerability in Redis, an open-source in-memory database widely used for caching, message brokering, and real-time analytics. The affected versions are Redis 7.0.0 through 7.0.4 inclusive. The flaw arises from an integer overflow triggered by the `XAUTOCLAIM` command when executed on a stream key in a particular state with a specially crafted `COUNT` argument. The integer overflow can lead to a heap overflow, which in turn may allow an attacker to execute arbitrary code remotely. This vulnerability is classified under CWE-190 (Integer Overflow or Wraparound), indicating improper handling of integer operations that exceed their maximum values. The issue was patched in Redis version 7.0.5. No known workarounds exist, and no public exploits have been reported in the wild as of the publication date. The vulnerability requires the attacker to send a crafted `XAUTOCLAIM` command to the Redis server, which typically listens on TCP port 6379. Exploitation may not require authentication if the Redis instance is exposed without access controls, which is a common misconfiguration. The vulnerability impacts the confidentiality, integrity, and availability of Redis instances, as successful exploitation could lead to remote code execution, potentially compromising the host system and any data stored or processed by Redis.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Redis for critical infrastructure such as web applications, financial services, telecommunications, and industrial control systems. A successful exploit could lead to full system compromise, data theft, or service disruption. Given Redis's role in caching and session management, attackers could manipulate or exfiltrate sensitive data, degrade service availability, or pivot to other internal systems. The lack of authentication requirements in some deployments increases risk, particularly for Redis instances exposed to public or poorly segmented networks. The vulnerability's exploitation could also facilitate ransomware attacks or espionage, which are concerns for sectors like government, healthcare, and energy within Europe. The medium severity rating reflects the need for authentication in some cases and the absence of known exploits, but the potential for remote code execution elevates the threat considerably.

Mitigation Recommendations

1. Upgrade all Redis instances to version 7.0.5 or later immediately to apply the official patch addressing this vulnerability.
2. Audit network configurations to ensure Redis servers are not exposed directly to the internet or untrusted networks. Use firewall rules and network segmentation to restrict access to trusted hosts only.
3. Enable Redis authentication (`requirepass` directive) and enforce strong passwords to prevent unauthorized command execution.
4. Implement access control lists (ACLs), available in Redis 6 and later, to limit command execution privileges, especially restricting the use of stream-related commands like `XAUTOCLAIM`.
5. Monitor Redis logs and network traffic for unusual `XAUTOCLAIM` command usage or anomalous stream operations.
6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect exploitation attempts targeting this vulnerability.
7. Regularly review and update incident response plans to include scenarios involving Redis compromise.
8. For cloud or containerized deployments, ensure Redis instances run with least privilege and are isolated from other critical services.
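As an added example (not code from this advisory or from the Redis project), the following Python script supports recommendations 1 and 5: it reads the `redis_version` line from `INFO` output and tests it against the 7.0.0 to 7.0.4 affected range, and it scans `MONITOR` output for `XAUTOCLAIM` calls whose `COUNT` argument is missing, non-numeric or implausibly large. The `INFO` excerpt, the `MONITOR` lines and the `COUNT_ALERT_THRESHOLD` value are constructed assumptions; the threshold should be set to whatever your consumers legitimately use.

```python
import re

SAMPLE_INFO = "# Server\r\nredis_version:7.0.4\r\nredis_mode:standalone\r\n"  # constructed INFO excerpt
# Constructed MONITOR lines in Redis's real format: <ts> [<db> <addr>] "CMD" "arg" ...
SAMPLE_MONITOR = [
    '1663891200.000001 [0 10.0.0.5:40000] "XAUTOCLAIM" "orders" "grp1" "worker-1" "3600000" "0-0" "COUNT" "100"',
    '1663891200.000002 [0 10.0.0.9:40001] "XAUTOCLAIM" "orders" "grp1" "worker-2" "0" "0-0" "COUNT" "99999999999"',
    '1663891200.000003 [0 10.0.0.5:40002] "XREADGROUP" "GROUP" "grp1" "worker-1" "STREAMS" "orders" ">"',
]
FIXED_VERSION = (7, 0, 5)       # first release carrying the fix, per the advisory
COUNT_ALERT_THRESHOLD = 10_000  # assumption: set to the largest COUNT your consumers legitimately use
MONITOR_RE = re.compile(r"^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<addr>\S+)\] (?P<args>.*)$")
QUOTED_ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one double-quoted, backslash-escaped argument

def parse_version(info_text):
    # Returns (major, minor, patch) from the redis_version line, or None if it is absent.
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version):
    # The advisory scopes the bug to 7.0.0 <= version < 7.0.5.
    return (7, 0, 0) <= version < FIXED_VERSION

def parse_monitor_line(line):
    # Splits one MONITOR line into timestamp, client address and argument list.
    m = MONITOR_RE.match(line)
    if not m:
        return None
    return {"ts": m.group("ts"), "addr": m.group("addr"), "args": QUOTED_ARG_RE.findall(m.group("args"))}

def suspicious_xautoclaim(entry):
    # Flags an XAUTOCLAIM whose COUNT value is missing, non-numeric or above the threshold.
    args = entry["args"]
    if not args or args[0].upper() != "XAUTOCLAIM":
        return None
    for i, arg in enumerate(args):
        if arg.upper() == "COUNT":
            raw = args[i + 1] if i + 1 < len(args) else ""
            if not raw.isdigit():
                return f"XAUTOCLAIM from {entry['addr']}: COUNT is not a plain integer ({raw!r})"
            if int(raw) > COUNT_ALERT_THRESHOLD:
                return f"XAUTOCLAIM from {entry['addr']}: COUNT={raw} exceeds {COUNT_ALERT_THRESHOLD}"
    return None

def scan_monitor(lines):
    # One alert string per suspicious XAUTOCLAIM in a MONITOR capture.
    alerts = [suspicious_xautoclaim(e) for e in map(parse_monitor_line, lines) if e]
    return [a for a in alerts if a]
```

`MONITOR` itself carries a measurable throughput cost on busy instances, so in production feed the same parser from a short capture window or from a proxy-side command log rather than leaving `MONITOR` attached.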

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2022-07-15T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d9845c4522896dcbf42ac

Added to database: 5/21/2025, 9:09:25 AM

Last enriched: 6/22/2025, 6:34:59 PM

Last updated: 7/30/2025, 5:29:39 PM
