vulnerability
FreeBSD: VID-0E254B4A-1F37-11EE-A475-080027F5FEC9 (CVE-2022-24834): redis -- Heap overflow in the cjson and cmsgpack libraries
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jul 10, 2023 | Jul 12, 2023 | Jan 28, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Jul 10, 2023
Added
Jul 12, 2023
Modified
Jan 28, 2025
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-0E254B4A-1F37-11EE-A475-080027F5FEC9:
Redis core team reports:
A specially crafted Lua script executing in Redis can
trigger a heap overflow in the cjson and cmsgpack
libraries, and result in heap corruption and potentially
remote code execution.
Solution(s)
freebsd-upgrade-package-redisfreebsd-upgrade-package-redis-develfreebsd-upgrade-package-redis60freebsd-upgrade-package-redis62
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.