A corrective release of Redis 7.0.5 has been published that fixes a vulnerability (CVE-2022-35951) that could potentially allow an attacker to execute their code as the Redis process. The issue only affects the 7.x branch and requires access to execute queries to complete the attack.
The vulnerability is caused by an integer overflow that occurs when an incorrect value is specified for the "COUNT" parameter in the "XAUTOCLAIM" command. When used in a command with stream keys in a certain state, an integer overflow can be used to write to an area outside of the heap-allocated memory.
Source: opennet.ru