exploitDog

CVE-2022-24834

Published: 13 Jul 2023
Source: debian
EPSS: Medium

Description

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

Packages

Package   Status   Fixed version   Release   Type
redis     fixed    5:7.0.12-1      -         package
redis     no-dsa   -               buster    package

Notes

  • https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES

  • https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6 (7.2-rc3)

  • https://github.com/redis/redis/commit/f6a7c9f9ec9354702cc3143310a24bf3d1507b03 (7.0.12)

  • https://github.com/redis/redis/pull/12398

EPSS

Percentile: 97%
Score: 0.42077
Medium

Related vulnerabilities

CVSS3: 7
ubuntu
about 2 years ago

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

CVSS3: 7
redhat
about 2 years ago

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

CVSS3: 7
nvd
about 2 years ago

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

suse-cvrf
about 2 years ago

Security update for redis

CVSS3: 8.8
fstec
about 2 years ago

Vulnerability in the cjson and cmsgpack libraries of the Redis database management system (DBMS), allowing an attacker to execute arbitrary code
