FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Heap overflow in the cjson and cmsgpack libraries

Affected packages
redis < 7.0.12
redis-devel < 7.0.12.20230710
redis62 < 6.2.13
redis60 < 6.0.20

Details

VuXML ID 0e254b4a-1f37-11ee-a475-080027f5fec9
Discovery 2023-07-10
Entry 2023-07-10

Redis core team reports:

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.

[source]

References

CVE Name CVE-2022-24834
URL https://groups.google.com/g/redis-db/c/JDjKS0GubsQ

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.