CVE-2022-24834
Heap overflow issue with the Lua cjson library used by Redis
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code execution.
Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2022-02-10 CVE Reserved
- 2023-07-13 CVE Published
- 2023-07-28 First Exploit
- 2025-02-13 CVE Updated
- 2025-04-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-122: Heap-based Buffer Overflow
- CWE-680: Integer Overflow to Buffer Overflow
CAPEC
References (8)
| URL | Date | SRC |
|---|---|---|
| https://github.com/convisolabs/CVE-2022-24834 | 2023-07-28 | |
| https://github.com/DukeSec97/CVE-2022-24834- | 2024-08-18 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838 | 2023-08-14 | |
| https://access.redhat.com/security/cve/CVE-2022-24834 | 2025-01-27 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2221662 | 2025-01-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 2.6.0 < 6.0.20 Search vendor "Redis" for product "Redis" and version " >= 2.6.0 < 6.0.20" | - |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 6.2.0 < 6.2.13 Search vendor "Redis" for product "Redis" and version " >= 6.2.0 < 6.2.13" | - |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 7.0.0 < 7.0.12 Search vendor "Redis" for product "Redis" and version " >= 7.0.0 < 7.0.12" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||