Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-24736

Опубликовано: 27 апр. 2022
Источник: nvd
CVSS3: 3.3
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to SCRIPT LOAD and EVAL commands using ACL rules.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*
Версия до 6.2.7 (исключая)
cpe:2.3:a:redis:redis:7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:redis:redis:7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:redis:redis:7.0:rc3:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00344
Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476
CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2022-24736

CVSS3: 3.3
ubuntu
больше 3 лет назад

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

redhat логотип

CVE-2022-24736

CVSS3: 3.3
redhat
больше 3 лет назад

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

msrc логотип

CVE-2022-24736

CVSS3: 5.5
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2022-24736

CVSS3: 3.3
debian
больше 3 лет назад

Redis is an in-memory database that persists on disk. Prior to version ...

fstec логотип

BDU:2022-02940

CVSS3: 3.3
fstec
больше 3 лет назад

Уязвимость системы управления базами данных Redis, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 56%
0.00344
Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476
CWE-476