PT-2023-6480 · Redis+10 · Redis+10

Seiya Nakata

+1

·

Publicado

2023-07-10

·

Atualizado

2026-05-18

·

CVE-2022-24834

CVSS v2.0

9.0

Alta

VetorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Redis versions 2.6.0 through 6.0.19 Redis versions 6.2.0 through 6.2.12 Redis versions 7.0.0 through 7.0.11
Description A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The issue affects only authenticated and authorized users.
Recommendations For Redis versions 2.6.0 through 6.0.19, update to version 6.0.20 or later. For Redis versions 6.2.0 through 6.2.12, update to version 6.2.13 or later. For Redis versions 7.0.0 through 7.0.11, update to version 7.0.12 or later.

Exploit

Correção

DoS

RCE

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122CWE-680

Identificadores relacionados

ALSA-2024_10869
ALSA-2025:0595
ALSA-2025:0693
ALSA-2025_0595
ALSA-2025_0693
ALSA-2025_12006
ALSA-2025_12008
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALSA-2025_7429
ALSA-2025_7438
ALT-PU-2023-4982
ALT-PU-2023-5229
ALT-PU-2023-5230
ALT-PU-2023-5487
ALT-PU-2025-11673
ALT-PU-2025-13204
AZL-27477
BDU:2023-07213
BIT-KEYDB-2022-24834
BIT-REDIS-2022-24834
BIT-VALKEY-2022-24834
CESA-2025_0595
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2022-24834
DLA-3885-1
DSA-5610-1
ELSA-2025-0595
ELSA-2025-0693
GHSA-P8X2-9V9Q-C838
INFSA-2025_0595
INFSA-2025_0693
MGASA-2023-0246
OESA-2023-1458
OPENSUSE-SU-2023_2924-1
OPENSUSE-SU-2023_2925-1
OPENSUSE-SU-2024:13047-1
RHSA-2025:0595
RHSA-2025:0693
RHSA-2025_0595
RHSA-2025_0693
RLSA-2025:0595
RLSA-2025:0693
RLSA-2025_0595
RLSA-2025_0693
ROSA-SA-2023-2296
SUSE-SU-2023:2924-1
SUSE-SU-2023:2925-1
SUSE-SU-2023:3407-1
SUSE-SU-2023_2924-1
SUSE-SU-2023_2925-1
SUSE-SU-2023_3407-1
USN-6531-1
USN-8169-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Redis
Rocky Linux
Suse
Ubuntu