Source |
CVE List |
Identifier |
4514800 |
Publication date |
2022-04-27 20:15:09 (seen: 2022-04-27 23:08:48) |
Title |
CVE-2022-24736 |
Text |
Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0, 6.2.X and 6.0.X. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules. |
Sent |
Yes |
Tags |
Patching
|