Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2296
HistoryNov 21, 2023 - 12:45 p.m.

Advisory ROSA-SA-2023-2296

2023-11-2112:45:37
ROSA LAB
abf.rosalinux.ru
14
security advisory
redis
rosa-chrome
buffer overflow
integer overflow
fixed
unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON

software: redis 7.0.12
OS: ROSA-CHROME

package_evr_string: redis-7.0.12-1.src.rpm

CVE-ID: CVE-2022-24834
BDU-ID: 2023-07213
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the cjson and cmsgpack libraries of the Redis database management system (DBMS) is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua script
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2022-31144
BDU-ID: 2022-04601
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Redis database management system (DBMS) is related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using the XAUTOCLAIM command
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2022-35951
BDU-ID: 2022-05912
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Redis database management system (DBMS) implementation of the XAUTOCLAIM command is related to an integer overflow when processing the COUNT argument. Exploitation of the vulnerability could allow an attacker to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update redis

CVE-ID: CVE-2023-36824
BDU-ID: 2023-04264
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Redis database management system (DBMS) is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update redis

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchredis< 7.0.12UNKNOWN

Related

nessus 18
openvas 13
fedora 3
alpinelinux 4
cvelist 4
ubuntucve 4
cve 4
freebsd 4
prion 4
veracode 4
debiancve 4
osv 10
nvd 4
redos 2
cbl_mariner 3
redhatcve 4
githubexploit 2
mageia 1
debian 1
photon 7
gentoo 1
ubuntu 1
ibm 3
oracle 1
ics 1
nessus
nessus
Fedora 38 : redis (2023-c406ba1ff6)
2023-07-19 00:00:00
Fedora 37 : redis (2023-800612d23a)
2023-07-19 00:00:00
FreeBSD : redis -- Potential remote code execution vulnerability (871d93f9-06aa-11ed-8d5f-080027f5fec9)
2022-07-18 00:00:00
openvas
openvas
Fedora: Security Advisory for redis (FEDORA-2023-c406ba1ff6)
2023-07-20 00:00:00
Fedora: Security Advisory for redis (FEDORA-2023-800612d23a)
2023-07-20 00:00:00
Redis 7.0.0 < 7.0.12 Heap Overflow Vulnerability
2023-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: redis-7.0.12-1.fc37
2023-07-19 04:21:00
[SECURITY] Fedora 38 Update: redis-7.0.12-1.fc38
2023-07-19 03:14:46
[SECURITY] Fedora 37 Update: redis-7.0.5-1.fc37
2022-09-26 00:18:31
alpinelinux
alpinelinux
CVE-2023-36824
2023-07-11 17:15:13
CVE-2022-31144
2022-07-19 21:15:15
CVE-2022-35951
2022-09-23 04:15:11
cvelist
cvelist
CVE-2023-36824 Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
2023-07-11 16:16:16
CVE-2022-31144 Potential heap overflow in Redis
2022-07-19 20:15:13
CVE-2022-35951 Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
2022-09-23 00:00:00
ubuntucve
ubuntucve
CVE-2022-35951
2022-09-23 00:00:00
CVE-2022-31144
2022-07-19 00:00:00
CVE-2023-36824
2023-07-11 00:00:00
cve
cve
CVE-2022-35951
2022-09-23 04:15:11
CVE-2022-31144
2022-07-19 21:15:15
CVE-2023-36824
2023-07-11 17:15:13
freebsd
freebsd
redis -- Potential remote code execution vulnerability
2022-09-21 00:00:00
redis -- Potential remote code execution vulnerability
2022-07-18 00:00:00
redis -- heap overflow in COMMAND GETKEYS and ACL evaluation
2023-07-10 00:00:00
prion
prion
Integer overflow
2022-09-23 04:15:00
Null pointer dereference
2022-07-19 21:15:00
Design/Logic Flaw
2023-07-11 17:15:00
veracode
veracode
Remote Code Execution (RCE)
2022-07-23 04:47:33
Remote Code Execution (RCE)
2023-08-06 17:09:29
Remote Code Execution (RCE)
2022-09-24 06:58:38
debiancve
debiancve
CVE-2022-31144
2022-07-19 21:15:15
CVE-2022-35951
2022-09-23 04:15:11
CVE-2023-36824
2023-07-11 17:15:13
osv
osv
CVE-2022-31144
2022-07-19 21:15:15
BIT-redis-2022-31144
2024-03-06 11:05:57
CVE-2023-36824
2023-07-11 17:15:13
nvd
nvd
CVE-2022-31144
2022-07-19 21:15:15
CVE-2023-36824
2023-07-11 17:15:13
CVE-2022-24834
2023-07-13 15:15:08
redos
redos
ROS-20230825-04
2023-08-25 00:00:00
ROS-20220929-02
2022-09-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-31144 affecting package redis 6.2.7-1
2023-03-02 04:18:33
CVE-2022-31144 affecting package redis for versions less than 6.2.9-1
2023-02-24 01:54:33
CVE-2022-24834 affecting package redis for versions less than 6.2.13-2
2023-09-27 18:02:50
redhatcve
redhatcve
CVE-2022-31144
2022-11-08 06:15:45
CVE-2022-35951
2022-09-26 04:48:59
CVE-2023-36824
2023-07-12 09:36:20
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Redis
2023-02-03 08:40:38
Exploit for Heap-based Buffer Overflow in Redis
2023-07-28 17:42:33
mageia
mageia
Updated redis packages fix security vulnerability
2023-08-23 22:56:41
debian
debian
[SECURITY] [DSA 5610-1] redis security update
2024-01-29 21:15:54
photon
photon
Critical Photon OS Security Update - PHSA-2022-0252
2022-09-28 00:00:00
Important Photon OS Security Update - PHSA-2022-0230
2022-08-17 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0613
2023-07-14 00:00:00
gentoo
gentoo
Redis: Multiple Vulnerabilities
2022-09-29 00:00:00
ubuntu
ubuntu
Redis vulnerabilities
2023-12-05 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift
2024-05-23 18:42:48
Security Bulletin: IBM Planning Analytics Workspace has addressed multiple vulnerabilities
2024-03-27 20:31:30
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
2024-02-28 21:45:52
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.029 Low

EPSS

Percentile

90.8%

JSON
Related for ROSA-SA-2023-2296
nessus18openvas13fedora3alpinelinux4cvelist4ubuntucve4cve4freebsd4prion4veracode4debiancve4osv10nvd4redos2cbl_mariner3redhatcve4githubexploit2mageia1debian1photon7gentoo1ubuntu1ibm3oracle1ics1