vulnerability

FreeBSD: VID-0E254B4A-1F37-11EE-A475-080027F5FEC9 (CVE-2022-24834): redis -- Heap overflow in the cjson and cmsgpack libraries

Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: 2023-07-10
Added: 2023-07-12
Modified: 2025-01-28

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-0E254B4A-1F37-11EE-A475-080027F5FEC9:

Redis core team reports:

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.

Solution(s)

freebsd-upgrade-package-redis
freebsd-upgrade-package-redis-devel
freebsd-upgrade-package-redis60
freebsd-upgrade-package-redis62