Lucene search
Gentoo FoundationMGASA-2023-0246HistoryAug 23, 2023 - 10:56 p.m.
Updated redis packages fix security vulnerability
2023-08-2322:56:41
Gentoo Foundation
advisories.mageia.org
36
redis
lua script
heap overflow
cjson
cmsgpack
heap corruption
remote code execution
cve-2022-24834
unix
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.8%
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. (CVE-2022-24834)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 8 | noarch | redis | < 6.0.20-1 | redis-6.0.20-1.mga8 |
Related
nessus
nessus
Amazon Linux 2 : redis (ALASREDIS6-2023-002)
2023-09-27 00:00:00
FreeBSD : redis -- Heap overflow in the cjson and cmsgpack libraries (0e254b4a-1f37-11ee-a475-080027f5fec9)
2023-07-10 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:2924-1)
2023-07-21 00:00:00
freebsd
freebsd
redis -- Heap overflow in the cjson and cmsgpack libraries
2023-07-10 00:00:00
redhatcve
redhatcve
CVE-2022-24834
2023-07-12 09:36:11
alpinelinux
alpinelinux
CVE-2022-24834
2023-07-13 15:15:08
cbl_mariner
cbl_mariner
CVE-2022-24834 affecting package redis for versions less than 6.2.13-2
2023-09-27 18:02:50
openvas
openvas
openSUSE: Security Advisory for redis (SUSE-SU-2023:2924-1)
2024-03-04 00:00:00
Redis < 6.0.20, 6.2.x < 6.2.13, 7.x < 7.0.12 Heap Overflow Vulnerability
2023-07-12 00:00:00
Mageia: Security Advisory (MGASA-2023-0246)
2023-08-24 00:00:00
nvd
nvd
CVE-2022-24834
2023-07-13 15:15:08
veracode
veracode
Remote Code Execution (RCE)
2023-08-06 17:09:29
prion
prion
Null pointer dereference
2023-07-13 15:15:00
osv
osv
BIT-redis-2022-24834
2024-03-06 11:06:06
CVE-2022-24834
2023-07-13 15:15:08
redis - security update
2024-01-29 00:00:00
githubexploit
githubexploit
Exploit for Heap-based Buffer Overflow in Redis
2023-07-28 17:42:33
cvelist
cvelist
CVE-2022-24834 Heap overflow issue with the Lua cjson library used by Redis
2023-07-13 14:35:41
cve
cve
CVE-2022-24834
2023-07-13 15:15:08
ubuntucve
ubuntucve
CVE-2022-24834
2023-07-13 00:00:00
debiancve
debiancve
CVE-2022-24834
2023-07-13 15:15:08
fedora
fedora
[SECURITY] Fedora 38 Update: redis-7.0.12-1.fc38
2023-07-19 03:14:46
[SECURITY] Fedora 37 Update: redis-7.0.12-1.fc37
2023-07-19 04:21:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0613
2023-07-14 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0427
2023-07-14 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0049
2023-07-14 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2296
2023-11-21 12:45:37
debian
debian
[SECURITY] [DSA 5610-1] redis security update
2024-01-29 21:15:54
ubuntu
ubuntu
Redis vulnerabilities
2023-12-05 00:00:00
ibm
ibm
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
70.8%
Related for MGASA-2023-0246