CVE-2022-0543

Debian-specific Redis Server Lua Sandbox Escape Vulnerability

Severity Score

10.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

It was discovered that redis, a persistent key-value database, is, due to a packaging issue, prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

It has been detected that redis, a persistent key-value database, is, due to a packaging issue, prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Network
Attack Complexity: Low
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-02-08 CVE Reserved
  • 2022-02-18 CVE Published
  • 2022-03-28 Exploited in Wild
  • 2022-04-18 KEV Due Date
  • 2022-07-23 First Exploit
  • 2024-09-16 CVE Updated
  • 2024-11-03 EPSS Updated
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor, Product, Version, Other (Status) in Vendor, Product, Version, Other (Status)
  • Redis, Redis, -- (Affected) in Canonical, Ubuntu Linux, 20.04, lts (Safe)
  • Redis, Redis, -- (Affected) in Canonical, Ubuntu Linux, 21.10, - (Safe)
  • Redis, Redis, -- (Affected) in Debian, Debian Linux, 9.0, - (Safe)
  • Redis, Redis, -- (Affected) in Debian, Debian Linux, 10.0, - (Safe)
  • Redis, Redis, -- (Affected) in Debian, Debian Linux, 11.0, - (Safe)