Описание
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code execution.
Отчет
The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users.
Меры по смягчению последствий
Prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | 3scale-amp-backend-container | Affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-amp-system-container | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Not affected | ||
| Red Hat Enterprise Linux 9 | redis-6-container | Not affected | ||
| Red Hat Fuse 7 | redis | Not affected | ||
| Red Hat OpenStack Platform 16.1 | openstack-redis-base-container | Not affected | ||
| Red Hat OpenStack Platform 16.1 | openstack-redis-container | Not affected | ||
| Red Hat OpenStack Platform 16.2 | openstack-redis-container | Not affected | ||
| Red Hat OpenStack Platform 17.0 | openstack-redis-container | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Redis is an in-memory database that persists on disk. A specially craf ...
Уязвимость библиотек cjson и cmsgpack системы управления базами данных (СУБД) Redis, позволяющая нарушителю выполнить произвольный код
EPSS
7 High
CVSS3