30 matches found

OSV
added 2026/05/20 10:32 a.m. | views: 1

CLSA-2026-1777976277 Fix CVE(s): CVE-2022-24834

SECURITY UPDATE: Integer overflow in Lua cmsgpack library - debian/patches/CVE-2022-24834.patch: partial backport hardening deps/lua/src/lua_cmsgpack.c against integer overflows in mp_buf_append and the encode/decode helpers cmsgpack-only; the cjson half of the upstream fix is dead code under...

CVSS 8.8 | AI score 6.8 | EPSS 0.45527
Exploits: 1 | References: 1

RedHat Linux
added 2025/01/27 1:43 a.m. | views: 1

redis: heap overflow in the lua cjson and cmsgpack libraries

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

CVSS 8.8 | AI score 7.8 | EPSS 0.45527
Exploits: 1 | References: 6

RedHat Linux
added 2025/01/22 10:42 a.m. | views: 0

redis: heap overflow in the lua cjson and cmsgpack libraries

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

CVSS 8.8 | AI score 7.8 | EPSS 0.45527
Exploits: 1 | References: 6

Redos
added 2024/07/26 12:00 a.m. | views: 18

ROS-20240726-03

A vulnerability in the cjson and cmsgpack libraries of the Redis database management system (DBMS) is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua...

CVSS 8.8 | AI score 7.3 | EPSS 0.45527
Exploits: 1

Tenable Nessus
added 2024/07/12 12:00 a.m. | views: 37

RHEL 8 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: heap overflow in the l...

CVSS 8.8 | AI score 10 | EPSS 0.60647
Exploits: 6 | References: 13

Tenable Nessus
added 2024/06/03 12:00 a.m. | views: 26

RHEL 8 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - redis: Redis SORT_RO may bypass ACL configuration CVE-2023-41053 Note that Nessus has not tested for this issue but...

CVSS 3.3 | AI score 6.9 | EPSS 0.00824
Exploits: 0 | References: 1

Tenable Nessus
added 2024/05/11 12:00 a.m. | views: 57

RHEL 9 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 - Redis is an in-memory...

AI score 7.3 | EPSS 0.45527
Exploits: 1 | References: 3

Amazon
added 2023/09/25 12:00 a.m. | views: 4

Important: redis

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

CVSS 8.8 | AI score 8.2 | EPSS 0.45527
Exploits: 1

OpenVAS
added 2023/08/24 12:00 a.m. | views: 30

Mageia: Security Advisory (MGASA-2023-0246)

The remote host is missing an update for the...

CVSS 8.8 | AI score 8.7 | EPSS 0.45527
Exploits: 1 | References: 5

Mageia
added 2023/08/23 7:56 p.m. | views: 177

Updated redis packages fix security vulnerability

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. CVE-2022-24834...

CVSS 8.8 | AI score 8.1 | EPSS 0.45527
Exploits: 1 | References: 3

Veracode
added 2023/08/06 5:09 p.m. | views: 43

Remote Code Execution (RCE)

redis is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that Redis handles cJSON and cmsgpack libraries. An attacker can exploit this vulnerability to cause Redis to crash or to execute arbitrary code...

CVSS 8.8 | AI score 7.8 | EPSS 0.45527
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2023/07/20 7:33 p.m. | views: 6

SUSE-SU-2023:2924-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193)...

CVSS 8.8 | AI score 8.8 | EPSS 0.45527
Exploits: 1 | References: 3

Tenable Nessus
added 2023/07/10 12:00 a.m. | views: 44

FreeBSD : redis -- Heap overflow in the cjson and cmsgpack libraries (0e254b4a-1f37-11ee-a475-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0e254b4a-1f37-11ee-a475-080027f5fec9 advisory. - Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflo...

CVSS 8.8 | AI score 7.5 | EPSS 0.45527
Exploits: 1 | References: 3

FreeBSD
added 2023/07/10 12:00 a.m. | views: 42

redis -- Heap overflow in the cjson and cmsgpack libraries

Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...

CVSS 8.8 | AI score 8 | EPSS 0.45527
Exploits: 1 | References: 1

SUSE CVE
added 2023/02/15 4:27 a.m. | views: 1

SUSE CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVSS 9.8 | AI score 9.8 | EPSS 0.83
Exploits: 1 | References: 8

RedhatCVE
added 2020/04/09 9:58 a.m. | views: 33

CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVSS 9.8 | AI score 3.8 | EPSS 0.83
Exploits: 1 | References: 2

RedHat Linux
added 2019/07/25 4:10 p.m. | views: 2

redis: Heap corruption in lua_cmsgpack.c

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVSS 9.8 | AI score 7.7 | EPSS 0.83
Exploits: 1 | References: 5

RedHat Linux
added 2019/01/16 5:55 p.m. | views: 3

redis: Heap corruption in lua_cmsgpack.c

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVSS 9.8 | AI score 7.7 | EPSS 0.83
Exploits: 1 | References: 5

RedHat Linux
added 2019/01/16 5:09 p.m. | views: 3

redis: Heap corruption in lua_cmsgpack.c

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVSS 9.8 | AI score 7.7 | EPSS 0.83
Exploits: 1 | References: 5

CNVD
added 2018/06/29 12:00 a.m. | views: 3

Redis Lua Subsystem Buffer Overflow Vulnerability

Redis is an open-source key-value storage database sponsored by Redis Labs, Inc. (United States). It is written in ANSI C, supports networking, is memory-based with optional log-type persistence, and provides APIs for a variety of languages. The Lua subsystem is one of the subsystems that...

CVSS 9.8 | AI score 9.7 | EPSS 0.83
Exploits: 1 | References: 1