PT-2022-2525 · Redis+8

Published: 2022-04-27 · Updated: 2026-05-18 · CVE-2022-24736

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Redis versions prior to 6.2.7 and 7.0.0

Description

The issue is related to errors in pointer dereferencing. An attacker can exploit this by loading a specially crafted Lua script, causing a NULL pointer dereference that results in a crash of the redis-server process.

Recommendations

For versions prior to 6.2.7 and 7.0.0, update to version 6.2.7 or 7.0.0 to resolve the issue. As a temporary workaround, if Lua scripting is not being used, consider blocking access to the SCRIPT LOAD and EVAL commands using ACL rules to mitigate the problem without patching the redis-server executable.
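
The ACL workaround from the recommendations, written out as a redis.conf fragment. This is an added example, not part of the original advisory; the `default` user definition shown is an assumption about the deployment and any other user that can run scripting commands needs the same two rules.

```conf
# redis.conf fragment (constructed example; the user definition is an assumption)

# Before: the default user may run every command, EVAL and SCRIPT LOAD included.
# user default on nopass ~* +@all

# After: the same user with the Lua entry points named in the advisory removed.
#   -eval    removes EVAL
#   -script  removes SCRIPT and all of its subcommands, SCRIPT LOAD included
#            (Redis 6.x does not accept a negative subcommand rule such as
#            -script|load, so the whole command is removed)
user default on nopass ~* +@all -eval -script

# Runtime equivalent, typed into redis-cli on a running server:
#   ACL SETUSER default -eval -script
#   ACL LIST        (confirm both removals now appear on the user)
```

A rule set with ACL SETUSER lasts only until restart unless it is persisted with ACL SAVE (when an aclfile is configured) or CONFIG REWRITE.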

Exploit

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALSA-2022:7541
ALSA-2022:8096
ALT-PU-2023-1049
ALT-PU-2023-4109
ALT-PU-2023-4137
ALT-PU-2023-4153
AZL-45357
AZL-71176
AZL-9599
BDU:2022-02940
BIT-KEYDB-2022-24736
BIT-REDIS-2022-24736
BIT-VALKEY-2022-24736
CESA-2022_7541
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2022-24736
GHSA-3QPW-7686-5984
INFSA-2022_8096
MGASA-2022-0339
OESA-2022-1823
OESA-2025-1157
OPENSUSE-SU-2022_1842-1
OPENSUSE-SU-2022_1929-1
OPENSUSE-SU-2024:12030-1
RHSA-2022:7541
RHSA-2022:8096
RHSA-2022_7541
RHSA-2022_8096
RLSA-2022:7541
RLSA-2022:8096
SUSE-SU-2022:1842-1
SUSE-SU-2022:1929-1

Affected Products

Alt Linux
AlmaLinux
Astra Linux
CentOS
Debian
Red Hat
Redis
Rocky Linux
SUSE