CVE-2022-24834
Published: 2023-07-13
Priority: P2 71 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 42.92% (98.6th percentile)
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Affected (22 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | redis | < redis 5:7.0.15-1~deb12u1 (bookworm) | redis 5:7.0.15-1~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_redis_6.2.13-2_on_cbl_mariner_2.0 | — | — |
| ni | flexlogger | <= 23.2 | — |
| ni | flexlogger | <= 2023 | — |
| ni | flexlogger | — | — |
| ni | systemlink | <= 2024 | — |
| ni | systemlink | — | — |
| ni | systemlink_server | <= 24.1 | — |
| redis | redis | >= 0 < 5:6.0.16-1+deb11u3 | 5:6.0.16-1+deb11u3 |
| redis | redis | >= 0 < 5:7.0.15-1~deb12u1 | 5:7.0.15-1~deb12u1 |
| redis | redis | >= 0 < 5:7.0.12-1 | 5:7.0.12-1 |
| redis | redis | >= 0 < 5:7.0.12-1 | 5:7.0.12-1 |
| redis | redis | >= 0 < 2:2.8.4-2ubuntu0.2+esm3 | 2:2.8.4-2ubuntu0.2+esm3 |
| redis | redis | >= 0 < 2:3.0.6-1ubuntu0.4+esm2 | 2:3.0.6-1ubuntu0.4+esm2 |
| redis | redis | >= 0 < 5:4.0.9-1ubuntu0.2+esm4 | 5:4.0.9-1ubuntu0.2+esm4 |
| redis | redis | >= 0 < 5:5.0.7-2ubuntu0.1+esm2 | 5:5.0.7-2ubuntu0.1+esm2 |
| redis | redis | >= 0 < 5:6.0.16-1ubuntu1+esm1 | 5:6.0.16-1ubuntu1+esm1 |
| redis | redis | >= 2.6.0 < 6.0.20 | 6.0.20 |
| redis | redis | >= 6.2.0 < 6.2.13 | 6.2.13 |
| redis | redis | >= 7.0.0 < 7.0.12 | 7.0.12 |
Detection & IOCs (extracted from sources)
- Trigger condition: a specially crafted Lua script executing in Redis triggers a heap overflow in the cjson or cmsgpack library, leading to heap corruption and potentially remote code execution
- Affected attack surface: EVAL and EVALSHA Redis commands used to submit malicious Lua scripts; restrict or monitor these commands via ACL
- Scope limited to authenticated and authorized Redis users; monitor for unusual Lua script execution by authenticated sessions
- Vulnerable libraries are cjson and cmsgpack within Redis's Lua scripting subsystem; heap overflow occurs in these libraries when processing crafted input
- Vulnerability affects all Redis versions with Lua scripting support starting from 2.6; fixed versions are 7.0.12, 6.2.13, and 6.0.20; ensure deployed Redis instances are patched to these versions or later
- NI SystemLink Server 2024 Q1 and prior, and NI FlexLogger 2023 Q2 and prior, ship an out-of-date Redis and are affected
- Debian bookworm fix is in package version 5:7.0.15-1~deb12u1; bullseye fix is in 5:6.0.16-1+deb11u3; forky/sid/trixie fix is in 5:7.0.12-1
- Red Hat rh-redis6-redis (Software Collections) and 3scale-amp-system-container are marked 'Will not fix'; factor this into risk acceptance decisions
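The two checks the detection bullets call for (is the deployed version inside an affected range, and can an authenticated user still reach EVAL/EVALSHA) can be run as a small audit script. The following is an added example, not code from the Redis project or from any of the advisories above. It assumes `redis_version` lines as emitted by `INFO server` and `ACL LIST` output in the standard `user <name> ... <rules>` form; the ACL evaluation is a deliberately simplified model of Redis rule semantics (rules applied left to right, later rules win) that tracks only the scripting commands of interest, and the sample input is constructed.

```python
"""Audit helper for CVE-2022-24834 (added example, not Redis project code).

Check 1: is a reported Redis version inside an affected range from the
         advisory (>=2.6 <6.0.20, >=6.2 <6.2.13, >=7.0 <7.0.12)?
Check 2: does an `ACL LIST` entry still let a user run the scripting
         commands (EVAL/EVALSHA) that deliver the crafted Lua script?
"""
import re

# Fixed versions per the advisory, keyed by the minor-version line.
FIXED = {(6, 0): (6, 0, 20), (6, 2): (6, 2, 13), (7, 0): (7, 0, 12)}
FIRST_AFFECTED = (2, 6, 0)  # Lua scripting support arrived in Redis 2.6

# Scripting commands we track (assumption: the subset of @scripting that
# submits or manages Lua scripts; FUNCTION/FCALL are out of scope here).
SCRIPTING = {"eval", "evalsha", "eval_ro", "evalsha_ro", "script"}


def parse_version(text):
    """Extract (major, minor, patch) from INFO output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if this Redis version falls inside an affected range."""
    v = parse_version(version) if isinstance(version, str) else version
    if v < FIRST_AFFECTED:
        return False  # pre-2.6: no Lua scripting at all
    line = v[:2]
    if line in FIXED:
        return v < FIXED[line]
    # Any other line below the 7.0 fix (2.6 .. 5.x) is affected; lines
    # above 7.0 (7.2 and later) were released after the fix.
    return v < FIXED[(7, 0)]


def scripting_allowed(acl_line):
    """Return the scripting commands a user may still run, given one
    `ACL LIST` line. Rules are applied left to right; later rules win."""
    allowed = set()
    for tok in acl_line.split():
        sign, body = tok[0], tok[1:].lower()
        if tok == "allcommands":
            sign, body = "+", "@all"
        elif tok == "nocommands":
            sign, body = "-", "@all"
        elif sign not in "+-":
            continue  # user name, on/off, password, key and channel patterns
        if body in ("@all", "@scripting"):
            allowed = set(SCRIPTING) if sign == "+" else set()
        elif body.startswith("@"):
            continue  # other categories never include these commands
        else:
            cmd = body.split("|")[0]  # drop subcommand qualifiers
            if cmd in SCRIPTING:
                if sign == "+":
                    allowed.add(cmd)
                else:
                    allowed.discard(cmd)
    return allowed


def audit(info_server, acl_list):
    """Combine both checks into a list of findings for one host."""
    findings = []
    ver = parse_version(info_server)
    if is_affected(ver):
        findings.append(f"redis {'.'.join(map(str, ver))} is in an affected range; upgrade")
    for line in acl_list:
        user = line.split()[1]
        cmds = scripting_allowed(line)
        if cmds:
            findings.append(f"user {user!r} can still run {sorted(cmds)}")
    return findings


# Constructed sample input (the password hash is a zero-filled placeholder).
SAMPLE_INFO = "# Server\r\nredis_version:6.2.7\r\nredis_mode:standalone\r\n"
SAMPLE_ACL = [
    "user default on nopass ~* &* +@all",
    "user app on #" + "0" * 64 + " ~app:* &* -@all +@read +@write -@scripting",
    "user batch on #" + "0" * 64 + " ~* &* +@all -@scripting +evalsha",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INFO, SAMPLE_ACL):
        print(finding)
```

On the sample input the script flags the version (6.2.7 is below the 6.2.13 fix) and two users: `default`, which retains `+@all`, and `batch`, whose trailing `+evalsha` re-opens one scripting command after `-@scripting`. The `app` user, whose rules end with `-@scripting`, produces no finding. Real ACL semantics have more cases (selectors, subcommand-level rules) than this model covers, so treat it as a triage aid rather than a substitute for reviewing the ACL file.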
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |
| vendor_oracle | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 8.8 | HIGH | — |
| vendor_debian | — | 7.0 | HIGH | — |
| vendor_redhat | — | 7.0 | HIGH | — |
Ubuntu: Redis, Lua vulnerabilities
vendor_ubuntu · 2026-04-13 · CVSS 8.8 · CVE-2025-49844 [HIGH]
Title: Redis, Lua vulnerabilities
Summary: Several security issues were fixed in Redis, lua5.1, lua-cjson, lua-bitop.
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844)
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449)
Seiya Nakata and Yud
CISA ICS: Siemens SCALANCE XCM-/XRM-300
cisa_ics · 2024-02-15
ICS Advisory
Release Date: February 15, 2024
Alert Code: ICSA-24-046-11
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE XCM-/XRM-300
- Vulnerabilities: Out-of-bounds Write, Incorrect Type Conversion or Cast, Improper Verification of Cryptographic Signature, Improper Access Control, Improper Authentication, Missing Encryption
Ubuntu: Redis vulnerabilities
vendor_ubuntu · 2023-12-05 · CVSS 7.0 · CVE-2023-25155 [HIGH]
Title: Redis vulnerabilities
Summary: Several security issues were fixed in Redis.
Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled
certain specially crafted Lua scripts. An attacker could possibly use this
issue to cause heap corruption and execute arbitrary code.
(CVE-2022-24834)
SeungHyun Lee discovered that Redis incorrectly handled specially crafted
commands. An attacker could possibly use this issue to trigger an integer
overflow, which might cause Redis to allocate impossible amounts of memory,
resulting in a denial of service via an application crash. (CVE-2022-35977)
Tom Levy discovered that Redis incorrectly handled crafted string matching
patterns. An attacker could possibly use this issue to cause Redis to hang,
resulting in a denial of service. (CV
Oracle: Oracle Communications Risk Matrix: Install/Upgrade (Redis)
vendor_oracle · 2023-10-15 · CVSS 8.8 · CVE-2022-24834 [HIGH]
Oracle Communications Risk Matrix: Install/Upgrade (Redis) vulnerability
CVE: CVE-2022-24834
CVSS: 8.8
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpuoct2023 (OCT 2023)
Microsoft: Heap overflow issue with the Lua cjson library used by Redis
vendor_msrc · 2023-07-11 · CVSS 8.8 · CVE-2022-24834 [HIGH] · CWE-122
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
GitHub_M: GitHub_M
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: ht
Red Hat: redis: heap overflow in the lua cjson and cmsgpack libraries
vendor_redhat · 2023-07-10 · CVSS 7.0 · CVE-2022-24834 [HIGH] · CWE-680
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated attacker user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code executi
Debian: CVE-2022-24834: redis
vendor_debian · 2022 · CVSS 7.0 · CVE-2022-24834 [HIGH]
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Scope: local
bookworm: resolved (fixed in 5:7.0.15-1~deb12u1)
bullseye: resolved (fixed in 5:6.0.16-1+deb11u3)
forky: resolved (fixed in 5:7.0.12-1)
sid: resolved (fixed in 5:7.0.12-1)
trixie: resolved (fixed in 5:7.0.12-1)
GHSA: GHSA-hvf4-7c9q-m9rp: An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834
ghsa_unreviewed · 2024-07-22 · CVSS 7.0 · CVE-2024-6121 [HIGH]
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.
OSV: redis vulnerabilities
osv · 2023-12-05 · CVSS 8.8 · CVE-2022-24834 [HIGH]
Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled
certain specially crafted Lua scripts. An attacker could possibly use this
issue to cause heap corruption and execute arbitrary code.
(CVE-2022-24834)
SeungHyun Lee discovered that Redis incorrectly handled specially crafted
commands. An attacker could possibly use this issue to trigger an integer
overflow, which might cause Redis to allocate impossible amounts of memory,
resulting in a denial of service via an application crash. (CVE-2022-35977)
Tom Levy discovered that Redis incorrectly handled crafted string matching
patterns. An attacker could possibly use this issue to cause Redis to hang,
resulting in a denial of service. (CVE-2022-36021)
Yupeng Yang discovered that Redis incorrectly h
OSV: CVE-2022-24834: Redis is an in-memory database that persists on disk
osv · 2023-07-13 · CVSS 8.8 · CVE-2022-24834 [HIGH]
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
No detection rules found.
No public exploits indexed.
References
- https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MIF5MAGYARYUMRFK7PQI7HYXMK2HZE5T/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDNNH2ONMVNBQ6LUIAOAGDNFPKXNST5K/
- https://security.netapp.com/advisory/ntap-20230814-0006/

Published: 2023-07-13