Back to bug 2221662
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Zack Miele | 2023-07-10 15:01:12 UTC | Depends On | | 2221679, 2221676, 2221682, 2221672, 2221674, 2221678, 2221671, 2221677, 2221675, 2221681 |
| Zack Miele | 2023-07-10 15:03:29 UTC | Depends On | | 2221693, 2221692 |
| TEJ RATHI | 2023-07-11 12:43:50 UTC | Summary | TRIAGE-CVE-2022-24834 dev-db/redis: Multiple vulnerabilities | TRIAGE-CVE-2022-24834 redis: heap overflow in the cjson and cmsgpack libraries |
| TEJ RATHI | 2023-07-11 12:44:21 UTC | Summary | TRIAGE-CVE-2022-24834 redis: heap overflow in the cjson and cmsgpack libraries | TRIAGE-CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries |
| TEJ RATHI | 2023-07-11 14:04:47 UTC | CC | | acrosby, adudiak, agarcial, aileenc, amasferr, aoconnor, asegurap, bbuckingham, bcourt, bdettelb, caswilli, chazlett, crarobin, davidn, dffrench, dhalasz, ehelms, epacific, fjansen, gmalinko, gparvin, gzaronik, hkataria, janstey, jburrell, jcammara, jhardy, jmadigan, jmitchel, jneedle, jobarker, jsherril, jtanner, kaycoth, kshier, lzap, mabashia, mhulan, micjohns, mkleinhe, mkudlej, myarboro, ngough, njean, nmoumoul, nweather, oezr, orabin, osapryki, owatkins, pahickey, pamccart, pcreech, pdelbell, rchan, rgodfrey, simaishi, smcdonal, stcannon, sthirugn, teagle, tjochec, vkrizan, vmugicag, yguenane, zsadeh |
| TEJ RATHI | 2023-07-11 14:57:52 UTC | Fixed In Version | redis-server 7.0.12 | redis 7.0.12, redis 6.2.13, redis 6.0.20 |
| TEJ RATHI | 2023-07-11 14:58:25 UTC | Comment | 0 | updated |
| TEJ RATHI | 2023-07-11 15:00:05 UTC | Depends On | | 2222024, 2222025 |
| TEJ RATHI | 2023-07-12 09:10:45 UTC | Doc Text | | A heap-based buffer overflow issue was discovered in Redis. An attacker could trick an authenticated user to execute a specially crafted Lua script in Redis, triggering heap overflow in the cjson and cmsgpack libraries, which would result in heap corruption and potentially remote code execution. |
| TEJ RATHI | 2023-07-12 09:14:16 UTC | Alias | TRIAGE-CVE-2022-24834 | CVE-2022-24834 |
| TEJ RATHI | 2023-07-12 09:14:16 UTC | Summary | TRIAGE-CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries | CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries |
| TEJ RATHI | 2023-07-12 09:17:45 UTC | Doc Text | A heap-based buffer overflow issue was discovered in Redis. An attacker could trick an authenticated user to execute a specially crafted Lua script in Redis, triggering heap overflow in the cjson and cmsgpack libraries, which would result in heap corruption and potentially remote code execution. | A heap-based buffer overflow issue was discovered in Redis. An authenticated user/attacker could execute a specially crafted Lua script in Redis, triggering heap overflow in the cjson and cmsgpack libraries, which would result in heap corruption and potentially remote code execution. |
| TEJ RATHI | 2023-07-12 09:21:02 UTC | Doc Text | A heap-based buffer overflow issue was discovered in Redis. An authenticated user/attacker could execute a specially crafted Lua script in Redis, triggering heap overflow in the cjson and cmsgpack libraries, which would result in heap corruption and potentially remote code execution. | A heap-based buffer overflow issue was discovered in Redis. An attacker could trick authenticated user to execute a specially crafted Lua script in Redis, triggering heap overflow in the cjson and cmsgpack libraries, which would result in heap corruption and potentially remote code execution. |
| RaTasha Tillery-Smith | 2023-07-12 14:06:39 UTC | Doc Text | A heap-based buffer overflow issue was discovered in Redis. An attacker could trick authenticated user to execute a specially crafted Lua script in Redis, triggering heap overflow in the cjson and cmsgpack libraries, which would result in heap corruption and potentially remote code execution. | A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code execution. |