Vulnerability Monitor


CVE-2022-24834


Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.


Published

2023-07-13T15:15:08.817

Last Modified

2024-11-21T06:51:12.103

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

Weaknesses
  • Type: Primary
    CWE-122
    CWE-680

Affected Vendors & Products
| Type             | Vendor        | Product | Version/Range | Vulnerable? |
|------------------|---------------|---------|---------------|-------------|
| Application      | redis         | redis   | < 6.0.20      | Yes         |
| Application      | redis         | redis   | < 6.2.13      | Yes         |
| Application      | redis         | redis   | < 7.0.12      | Yes         |
| Operating System | fedoraproject | fedora  | 37            | Yes         |
| Operating System | fedoraproject | fedora  | 38            | Yes         |

References