A heap-based buffer overflow flaw was found in Redis. This flaw allows a malicious user to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code execution. (CVE-2022-24834)
Vulnerable Product |
---|
redis redis |
fedoraproject fedora 37 |
fedoraproject fedora 38 |