One Article Review

Source CVE List
Identifier 4514800
Publication date 2022-04-27 20:15:09 (seen: 2022-04-27 23:08:48)
Title CVE-2022-24736
Text Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0, 6.2.X and 6.0.X. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.
Sent Yes
Tags Patching


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.