Heap overflow issue with the Lua cjson library used by Redis
CVE-2022-24834
Key Information:
Badges
What is CVE-2022-24834?
Redis is an in-memory database with disk persistence that is affected by a vulnerability allowing a specially crafted Lua script to cause a heap overflow in the cjson library. This can result in heap corruption and may enable remote code execution, impacting only authenticated and authorized users. The issue has been addressed in Redis versions 7.0.12, 6.2.13, and 6.0.20, making it crucial for users to promptly update their software to mitigate potential risks.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
redis >= 7.0.0, < 7.0.12 < 7.0.0, 7.0.12
redis >= 6.2.0, < 6.2.13 < 6.2.0, 6.2.13
redis >= 6.0.0, < 6.0.20 < 6.0.0, 6.0.20
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
38% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved