CVE-2022-24735

Published: 27/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. (CVE-2022-24735)

A flaw was found in the Redis database where a malformed Lua script can cause a NULL pointer dereference. This flaw allows a malicious user to load a crafted script, which results in a crash of the redis-server process. (CVE-2022-24736)

Vulnerable Product

redis redis 7.0

redis redis

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

netapp management services for element software -

netapp management services for netapp hci -

oracle communications operations monitor 4.3

oracle communications operations monitor 4.4

oracle communications operations monitor 5.0

Vendor Advisories

Synopsis: Low: redis:6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: An update for the redis:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated ...
Synopsis: Low: redis security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. (CVE-2022-24735) A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer de ...
Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some mea ...