CVE-2022-24834

Опубликовано: 13 июл. 2023

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS3: 7

Описание

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected	5:7.0.15-1build2
esm-apps/bionic	released	5:4.0.9-1ubuntu0.2+esm4
esm-apps/focal	released	5:5.0.7-2ubuntu0.1+esm2
esm-apps/jammy	released	5:6.0.16-1ubuntu1+esm1
esm-apps/noble	not-affected	5:7.0.12-1
esm-apps/xenial	released	2:3.0.6-1ubuntu0.4+esm2
esm-infra-legacy/trusty	released	2:2.8.4-2ubuntu0.2+esm3
focal	ignored	end of standard support, was needed
jammy	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%

0.37948

Средний

7 High

CVSS3

Связанные уязвимости

CVE-2022-24834

CVSS3: 7

redhat

больше 2 лет назад

CVE-2022-24834

CVSS3: 7

nvd

больше 2 лет назад

CVE-2022-24834

CVSS3: 8.8

msrc

больше 2 лет назад

Heap overflow issue with the Lua cjson library used by Redis

CVE-2022-24834

CVSS3: 7

debian

больше 2 лет назад

Redis is an in-memory database that persists on disk. A specially craf ...

SUSE-SU-2023:2924-1

suse-cvrf

больше 2 лет назад

Security update for redis

EPSS

Процентиль: 97%

0.37948

Средний

7 High

CVSS3

CVE-2022-24834

Описание

Пакет redis

Ссылки на источники

Связанные уязвимости