FreeBSD: VID-0E254B4A-1F37-11EE-A475-080027F5FEC9 (CVE-2022-24834): redis -- Heap overflow in the cjson and cmsgpack libraries
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | 2023-07-10 | 2023-07-12 | 2025-01-28 |
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-0E254B4A-1F37-11EE-A475-080027F5FEC9:
Redis core team reports:
A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.
Solution(s)
- freebsd-upgrade-package-redis
- freebsd-upgrade-package-redis-devel
- freebsd-upgrade-package-redis60
- freebsd-upgrade-package-redis62