CVE-2022-24736
A Malformed Lua script can crash Redis
- Severity Score
- Exploit Likelihood
- Affected Versions
- Public Exploits: 1
- Exploited in Wild: -
- Decision: Track*
Descriptions
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
A flaw was found in the Redis database: a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafted script, which results in a crash of the redis-server process.
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Issues addressed include a script execution vulnerability.
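The workaround in the description above is to deny `SCRIPT LOAD` and `EVAL` through ACL rules when Lua scripting is not needed. The following `redis.conf` fragment is an added example written for this page, not configuration from the Redis project or the advisory; it assumes an application user named `app` and uses a placeholder password, both of which are assumptions to replace.

```conf
# redis.conf fragment (constructed example, not from the page or the Redis project):
# deny Lua scripting to the application user while leaving the rest of its access intact.
# Assumes a user named "app" and a placeholder password; adjust both for your deployment.

# Disable the default user so unauthenticated clients get no access at all.
user default off

# "app" gets full key, channel and command access, then loses the whole @scripting
# category, which covers EVAL, EVALSHA and SCRIPT (and, from 7.0, the FUNCTION family).
# Rules apply left to right, so -@scripting must come after +@all.
user app on >REPLACE_WITH_STRONG_PASSWORD ~* &* +@all -@scripting
```

After a restart (or `CONFIG REWRITE`/`ACL LOAD` if you manage users via an ACL file), `ACL GETUSER app` should list `-@scripting` in the user's rules, `ACL CAT scripting` shows exactly which commands that category removes, and an `EVAL` issued as `app` is refused with a `NOPERM` error instead of reaching the Lua loader. The `&*` channel pattern only exists from 6.2 onward; on a 6.0.x server drop it and keep the rest of the line.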
CVSS Scores
SSVC
- Decision: Track*
Timeline
- 2022-02-10 CVE Reserved
- 2022-04-27 CVE Published
- 2025-04-22 CVE Updated
- 2025-04-22 First Exploit
- 2025-05-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (12)
URL | Tag | Source
---|---|---
https://github.com/redis/redis/releases/tag/6.2.7 | Release Notes | -
https://github.com/redis/redis/releases/tag/7.0.0 | Release Notes | -
https://security.netapp.com/advisory/ntap-20220715-0003 | Third Party Advisory | -

URL | Date | SRC
---|---|---
https://github.com/redis/redis/pull/10651 | 2025-04-22 | -

URL | Date | SRC
---|---|---
https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984 | 2023-11-07 | -
https://www.oracle.com/security-alerts/cpujul2022.html | 2023-11-07 | -
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redis | Redis | < 6.2.7 | - | Affected
Redis | Redis | 7.0 | rc1 | Affected
Redis | Redis | 7.0 | rc2 | Affected
Redis | Redis | 7.0 | rc3 | Affected
Fedoraproject | Fedora | 34 | - | Affected
Fedoraproject | Fedora | 35 | - | Affected
Fedoraproject | Fedora | 36 | - | Affected
Netapp | Management Services For Element Software | - | - | Affected
Netapp | Management Services For Netapp Hci | - | - | Affected
Oracle | Communications Operations Monitor | 4.3 | - | Affected
Oracle | Communications Operations Monitor | 4.4 | - | Affected
Oracle | Communications Operations Monitor | 5.0 | - | Affected