
CVE-2022-24736

Published: 27/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. (CVE-2022-24735)

A flaw was found in the Redis database where a malformed Lua script can cause a NULL pointer dereference. This flaw allows a malicious user to load a crafted script, which results in a crash of the redis-server process. (CVE-2022-24736)

Vulnerable Product

redis redis 7.0

redis redis

fedoraproject fedora 34

fedoraproject fedora 35

fedoraproject fedora 36

netapp management services for element software -

netapp management services for netapp hci -

oracle communications operations monitor 4.3

oracle communications operations monitor 4.4

oracle communications operations monitor 5.0

Vendor Advisories

Synopsis: Low: redis:6 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Low. Topic: An update for the redis:6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated ...
Synopsis: Low: redis security and bug fix update. Type/Severity: Security Advisory: Low. Topic: An update for redis is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user (CVE-2022-24735). A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer de ...
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this proble ...