CLSA-2026-1777976277 Fix CVE(s): CVE-2022-24834

SECURITY UPDATE: Integer overflow in Lua cmsgpack library - debian/patches/CVE-2022-24834.patch: partial backport hardening deps/lua/src/luacmsgpack.c against integer overflows in mpbufappend and the encode/decode helpers cmsgpack-only; the cjson half of the upstream fix is dead code under...

redis: heap overflow in the lua cjson and cmsgpack libraries

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

redis: heap overflow in the lua cjson and cmsgpack libraries

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

ROS-20240726-03

A vulnerability in the cjson and cmsgpack libraries of the Redis database management system DBMS is related to a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua...

RHEL 8 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: heap overflow in the l...

RHEL 8 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - redis: Redis SORTRO may bypass ACL configuration CVE-2023-41053 Note that Nessus has not tested for this issue but...

RHEL 9 : redis (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - redis: heap overflow in the lua cjson and cmsgpack libraries CVE-2022-24834 - Redis is an in-memory...

The vulnerability of the cjson and cmsgpack libraries of the Redis database management system allows a attacker to execute arbitrary code.

The vulnerability of the cjson and cmsgpack libraries used by the Redis database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created Lua script...

Important: redis

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

Mageia: Security Advisory (MGASA-2023-0246)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated redis packages fix security vulnerability

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. CVE-2022-24834...

Remote Code Execution (RCE)

redis is vulnerable to Remote Code Execution RCE. This vulnerability occurs due to a flaw in the way that Redis handles cJSON and cmsgpack libraries. An attacker can exploit this vulnerability to cause Redis to crash or to execute arbitrary code...

SUSE-SU-2023:2924-1 Security update for redis

This update for redis fixes the following issues: - CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries bsc1213193...

redis -- Heap overflow in the cjson and cmsgpack libraries

Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution...

FreeBSD : redis -- Heap overflow in the cjson and cmsgpack libraries (0e254b4a-1f37-11ee-a475-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0e254b4a-1f37-11ee-a475-080027f5fec9 advisory. - Redis core team reports: A specially crafted Lua script executing in Redis can trigger a heap overflo...

SUSE CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

CVE-2018-11218

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

redis: Heap corruption in lua_cmsgpack.c

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...

The vulnerability of the cmsgpack library in the Lua subsystem of the Redis database management system allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cmsgpack library in the Lua subsystem of the Redis database management system arises due to an overflow of the buffer on the stack. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...

redis: Heap corruption in lua_cmsgpack.c

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows...