exploitDog

CVE-2022-24736

Published: 27 Apr 2022
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 2.1
CVSS3: 3.3

Description

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 5:7.0.15-1build2 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | not-affected | 5:7.0.12-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | needed | |
| focal | ignored | end of standard support, was needed |
| impish | ignored | end of life |

EPSS: 0.00344 (Low), percentile: 56%
CVSS2: 2.1 Low
CVSS3: 3.3 Low

Related vulnerabilities

CVSS3: 3.3
redhat
more than 3 years ago

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.

CVSS3: 3.3
nvd
more than 3 years ago

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.

CVSS3: 5.5
msrc
more than 3 years ago

No description available

CVSS3: 3.3
debian
more than 3 years ago

Redis is an in-memory database that persists on disk. Prior to version ...

CVSS3: 3.3
fstec
more than 3 years ago

A vulnerability in the Redis database management system, related to pointer dereference errors, that allows an attacker to cause a denial of service