Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

ALASREDIS6-2023-002

Related Vulnerabilities: CVE-2022-24834  

A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code execution. (CVE-2022-24834)

Source

ALASREDIS6-2023-002

Amazon Linux 2 Security Advisory: ALASREDIS6-2023-002
Advisory Release Date: 2023-08-07 05:24 Pacific
Advisory Updated Date: 2023-09-25 22:03 Pacific
Severity: Important
Issue Overview:

A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code execution. (CVE-2022-24834)


Affected Packages:

redis


Issue Correction:
Run yum update redis to update your system.

New Packages:
aarch64:
    redis-6.2.13-1.amzn2.aarch64
    redis-devel-6.2.13-1.amzn2.aarch64
    redis-debuginfo-6.2.13-1.amzn2.aarch64

noarch:
    redis-doc-6.2.13-1.amzn2.noarch

src:
    redis-6.2.13-1.amzn2.src

x86_64:
    redis-6.2.13-1.amzn2.x86_64
    redis-devel-6.2.13-1.amzn2.x86_64
    redis-debuginfo-6.2.13-1.amzn2.x86_64

Additional References

Red Hat: CVE-2022-24834

Mitre: CVE-2022-24834

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook
Vulmon Logo
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started