PT-2023-6480 · Redis+10 · Redis+10

Seiya Nakata +1 · Published 2023-07-10 · Updated 2026-05-18 · CVE-2022-24834

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Redis versions 2.6.0 through 6.0.19
Redis versions 6.2.0 through 6.2.12
Redis versions 7.0.0 through 7.0.11

Description

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The issue affects only authenticated and authorized users.

Recommendations

For Redis versions 2.6.0 through 6.0.19, update to version 6.0.20 or later.
For Redis versions 6.2.0 through 6.2.12, update to version 6.2.13 or later.
For Redis versions 7.0.0 through 7.0.11, update to version 7.0.12 or later.

Exploit · Fix · DoS · RCE · Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024_10869
ALSA-2025:0595
ALSA-2025:0693
ALSA-2025_0595
ALSA-2025_0693
ALSA-2025_12006
ALSA-2025_12008
ALSA-2025_16880
ALSA-2025_19237
ALSA-2025_19238
ALSA-2025_19345
ALSA-2025_20926
ALSA-2025_20955
ALSA-2025_21916
ALSA-2025_7429
ALSA-2025_7438
ALT-PU-2023-4982
ALT-PU-2023-5229
ALT-PU-2023-5230
ALT-PU-2023-5487
ALT-PU-2025-11673
ALT-PU-2025-13204
AZL-27477
BDU:2023-07213
BIT-KEYDB-2022-24834
BIT-REDIS-2022-24834
BIT-VALKEY-2022-24834
CESA-2025_0595
CLEANSTART-2026-AF35851
CLEANSTART-2026-AV02020
CLEANSTART-2026-BX37171
CLEANSTART-2026-CJ12020
CLEANSTART-2026-CU71831
CLEANSTART-2026-DI78859
CLEANSTART-2026-DL37890
CLEANSTART-2026-EL98096
CLEANSTART-2026-FR00621
CLEANSTART-2026-GJ95666
CLEANSTART-2026-IR62391
CLEANSTART-2026-JR53141
CLEANSTART-2026-JU65303
CLEANSTART-2026-LU31244
CLEANSTART-2026-MJ64494
CLEANSTART-2026-MZ27698
CLEANSTART-2026-NG71279
CLEANSTART-2026-PR27884
CLEANSTART-2026-QK48981
CLEANSTART-2026-QX99194
CLEANSTART-2026-RA63757
CLEANSTART-2026-RF40424
CLEANSTART-2026-SG88217
CLEANSTART-2026-UA95882
CLEANSTART-2026-WI17406
CLEANSTART-2026-XH31600
CLEANSTART-2026-YM75307
CVE-2022-24834
DLA-3885-1
DSA-5610-1
ELSA-2025-0595
ELSA-2025-0693
GHSA-P8X2-9V9Q-C838
INFSA-2025_0595
INFSA-2025_0693
MGASA-2023-0246
OESA-2023-1458
OPENSUSE-SU-2023_2924-1
OPENSUSE-SU-2023_2925-1
OPENSUSE-SU-2024:13047-1
RHSA-2025:0595
RHSA-2025:0693
RHSA-2025_0595
RHSA-2025_0693
RLSA-2025:0595
RLSA-2025:0693
RLSA-2025_0595
RLSA-2025_0693
ROSA-SA-2023-2296
SUSE-SU-2023:2924-1
SUSE-SU-2023:2925-1
SUSE-SU-2023:3407-1
SUSE-SU-2023_2924-1
SUSE-SU-2023_2925-1
SUSE-SU-2023_3407-1
USN-6531-1
USN-8169-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Redis
Rocky Linux
SUSE
Ubuntu