← Back

CVE-2022-24736

nvd nist
Published: Apr 27, 2022Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.

Affected (12)

Show all products
Redis: Redis · Fedoraproject: Fedora · Netapp: Management Services For Element Software, Management Services For Netapp Hci · Oracle: Communications Operations Monitor
Redis
1 product
Redis
Fedoraproject
1 product
Fedora
Netapp
2 products
Management Services For Element Software
Management Services For Netapp Hci
Oracle
1 product
Communications Operations Monitor
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Redis
Redis
Before 6.2.7
Redis
Version 7.0 rc1
Redis
Version 7.0 rc2
Redis
Version 7.0 rc3
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 34
Fedora
Version 35
Fedora
Version 36
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Management Services For Element Software
All versions
Management Services For Netapp Hci
All versions
Configuration D
3 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Communications Operations Monitor
Version 4.3
Communications Operations Monitor
Version 4.4
Communications Operations Monitor
Version 5.0

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (20)

Source: security-advisories@github.com
ExploitThird Party Advisory
Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
Release NotesThird Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.