Redis · Redis · CVE-2022-24834
**Name of the Vulnerable Software and Affected Versions**
Redis versions 2.6.0 through 6.0.19
Redis versions 6.2.0 through 6.2.12
Redis versions 7.0.0 through 7.0.11
**Description**
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. Only authenticated and authorized users can trigger the issue.
**Recommendations**
For Redis versions 2.6.0 through 6.0.19, update to version 6.0.20 or later.
For Redis versions 6.2.0 through 6.2.12, update to version 6.2.13 or later.
For Redis versions 7.0.0 through 7.0.11, update to version 7.0.12 or later.