vulnerability
Amazon Linux AMI 2: CVE-2022-24736: Security patch for redis (ALASREDIS6-2023-003)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:N/I:N/A:P) | 2022-04-27 | 2023-09-28 | 2023-09-28 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Published
2022-04-27
Added
2023-09-28
Modified
2023-09-28
Description
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules.
Solution(s)
amazon-linux-ami-2-upgrade-redisamazon-linux-ami-2-upgrade-redis-debuginfoamazon-linux-ami-2-upgrade-redis-develamazon-linux-ami-2-upgrade-redis-doc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.