CVE-2022-24834

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-122
View all →

Vulnerability Description

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

Related Vulnerabilities

CVE-2015-6457

HIGH
CVSS:8.8(High)

Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability.

CWE-1222015

CVE-2016-9580

HIGH
CVSS:8.8(High)

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

CWE-1222016

CVE-2016-9581

HIGH
CVSS:8.8(High)

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

CWE-1222016

CVE-2017-12704

HIGH
CVSS:8.8(High)

A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validatio...

CWE-1222017

CVE-2017-13090

HIGH
CVSS:8.8(High)

The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but does...

CWE-1222017

CVE-2017-6037

HIGH
CVSS:8.8(High)

A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run ...

CWE-1222017