MGASA-2023-0246 Updated redis packages fix security vulnerability
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. CVE-2022-24834...
Updated redis packages fix security vulnerability
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. CVE-2022-24834...
Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-291)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-291 advisory. A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap...
Important: redis6
Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...
OESA-2023-1458 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflo...
New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
The P2PInfect peer-to-peer (P2) worm has been observed employing previously undocumented initial access methods to breach susceptible Redis servers and rope them into a botnet. "The malware compromises exposed instances of the Redis data store by exploiting the replication feature," Cado Security...
Exploit for Heap-based Buffer Overflow in Redis
Improvement of CVE-2022-24834 public exploit Author Convi...
Important Photon OS Security Update - PHSA-2023-3.0-0620
Updates of 'lua', 'wireshark', 'grub2' packages of Photon OS have been released...
Heap overflow issue with the Lua cjson library used by Redis
...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to arbitrary code execution due to [CVE-2022-28805]
Summary Lua is not used directly by IBM App Connect Enterprise Certified Container at runtime, but is present in the Dashboard operand images. Lua is vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Lua. CVE-2022-28805...
Remote Code Execution (RCE)
suricata is vulnerable to Remote Code Execution (RCE). Lack of proper checking of user input allows an attacker who controls an external source of Lua rules to upload and execute malicious code on the system...
SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:2924-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2924-1 advisory. - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap...
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Cybersecurity researchers have uncovered a new cloud-targeting, peer-to-peer (P2P) worm called P2PInfect that targets vulnerable Redis instances for follow-on exploitation. "P2PInfect exploits Redis servers running on both Linux and Windows Operating Systems making it more scalable and potent than...
Fedora 38 : redis (2023-c406ba1ff6)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c406ba1ff6 advisory. Redis 7.0.12 - Released Mon July 10 12:00:00 IDT 2023 Upgrade urgency SECURITY: See security fixes below. Security Fixes: CVE-2022-24834 A specially...
Fedora 37 : redis (2023-800612d23a)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-800612d23a advisory. Redis 7.0.12 - Released Mon July 10 12:00:00 IDT 2023 Upgrade urgency SECURITY: See security fixes below. Security Fixes: CVE-2022-24834 A specially...
ALPINE-CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
DEBIAN-CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
AZL-27477 CVE-2022-24834 affecting package redis for versions less than 6.2.13-2
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
Null pointer dereference
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...
UBUNTU-CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...