Lucene search
RedHatRHSA-2022:8096HistoryNov 15, 2022 - 6:15 a.m.
(RHSA-2022:8096) Low: redis security and bug fix update
2022-11-1506:15:29
access.redhat.com
14
redis
data-structure server
performance
in-memory
code injection
lua script
security issue
cvss score
red hat enterprise linux
0.002 Low
EPSS
Percentile
60.1%
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
-
redis: Code injection via Lua script execution environment (CVE-2022-24735)
-
redis: Malformed Lua script can crash Redis (CVE-2022-24736)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 9 | aarch64 | redis-debuginfo | < 6.2.7-1.el9 | redis-debuginfo-6.2.7-1.el9.aarch64.rpm |
| RedHat | 9 | s390x | redis-devel | < 6.2.7-1.el9 | redis-devel-6.2.7-1.el9.s390x.rpm |
| RedHat | 9 | i686 | redis-devel | < 6.2.7-1.el9 | redis-devel-6.2.7-1.el9.i686.rpm |
| RedHat | 9 | i686 | redis-debugsource | < 6.2.7-1.el9 | redis-debugsource-6.2.7-1.el9.i686.rpm |
| RedHat | 9 | ppc64le | redis | < 6.2.7-1.el9 | redis-6.2.7-1.el9.ppc64le.rpm |
| RedHat | 9 | aarch64 | redis-devel | < 6.2.7-1.el9 | redis-devel-6.2.7-1.el9.aarch64.rpm |
| RedHat | 9 | s390x | redis-debuginfo | < 6.2.7-1.el9 | redis-debuginfo-6.2.7-1.el9.s390x.rpm |
| RedHat | 9 | i686 | redis-debuginfo | < 6.2.7-1.el9 | redis-debuginfo-6.2.7-1.el9.i686.rpm |
| RedHat | 9 | x86_64 | redis-debuginfo | < 6.2.7-1.el9 | redis-debuginfo-6.2.7-1.el9.x86_64.rpm |
| RedHat | 9 | ppc64le | redis-debugsource | < 6.2.7-1.el9 | redis-debugsource-6.2.7-1.el9.ppc64le.rpm |
Related
nessus
nessus
FreeBSD : redis -- Multiple vulnerabilities (cc42db1c-c65f-11ec-ad96-0800270512f4)
2022-04-28 00:00:00
Rocky Linux 8 : redis:6 (RLSA-2022:7541)
2022-12-07 00:00:00
AlmaLinux 9 : redis (ALSA-2022:8096)
2022-11-19 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:1929-1)
2022-06-03 00:00:00
Mageia: Security Advisory (MGASA-2022-0339)
2022-09-22 00:00:00
Redis < 6.2.7 Multiple Vulnerabilities
2022-05-03 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: redis-6.2.7-1.fc35
2022-05-08 01:50:16
[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36
2022-05-07 05:14:45
[SECURITY] Fedora 34 Update: redis-6.2.7-1.fc34
2022-05-08 02:04:05
osv
osv
Low: redis security and bug fix update
2022-11-15 00:00:00
Low: redis:6 security, bug fix, and enhancement update
2022-11-08 00:00:00
Low: redis:6 security, bug fix, and enhancement update
2022-11-08 06:22:23
almalinux
almalinux
Low: redis:6 security, bug fix, and enhancement update
2022-11-08 00:00:00
Low: redis security and bug fix update
2022-11-15 00:00:00
rocky
rocky
redis security and bug fix update
2022-11-15 06:15:29
redis:6 security, bug fix, and enhancement update
2022-11-08 06:22:23
suse
suse
Security update for redis (moderate)
2022-06-02 00:00:00
Security update for redis (moderate)
2022-05-25 00:00:00
mageia
mageia
Updated redis packages fix security vulnerability
2022-09-21 21:15:27
freebsd
freebsd
redis -- Multiple vulnerabilities
2022-04-27 00:00:00
ibm
ibm
oraclelinux
oraclelinux
redis:6 security, bug fix, and enhancement update
2022-11-15 00:00:00
redis security and bug fix update
2022-11-22 00:00:00
redhat
redhat
(RHSA-2022:7541) Low: redis:6 security, bug fix, and enhancement update
2022-11-08 06:22:23
debiancve
debiancve
CVE-2022-24735
2022-04-27 20:15:09
CVE-2022-24736
2022-04-27 20:15:09
redhatcve
redhatcve
CVE-2022-24735
2022-04-29 12:57:43
CVE-2022-24736
2022-04-29 12:59:23
prion
prion
Design/Logic Flaw
2022-04-27 20:15:00
Null pointer dereference
2022-04-27 20:15:00
cbl_mariner
cbl_mariner
CVE-2022-24735 affecting package redis 5.0.14-1
2022-07-14 20:59:56
CVE-2022-24735 affecting package redis for versions less than 6.2.7-1
2022-06-26 03:29:33
CVE-2022-24736 affecting package redis 5.0.14-1
2022-07-14 20:59:56
alpinelinux
alpinelinux
CVE-2022-24735
2022-04-27 20:15:09
CVE-2022-24736
2022-04-27 20:15:09
veracode
veracode
Remote Code Execution (RCE)
2022-05-05 02:28:50
Denial Of Service (DoS)
2022-05-05 02:25:47
nvd
nvd
CVE-2022-24735
2022-04-27 20:15:09
CVE-2022-24736
2022-04-27 20:15:09
ubuntucve
ubuntucve
CVE-2022-24735
2022-04-27 00:00:00
CVE-2022-24736
2022-04-27 00:00:00
cve
cve
CVE-2022-24735
2022-04-27 20:15:09
CVE-2022-24736
2022-04-27 20:15:09
cvelist
cvelist
CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
2022-04-27 19:43:27
CVE-2022-24736 A Malformed Lua script can crash Redis
2022-04-27 19:55:10
photon
photon
Important Photon OS Security Update - PHSA-2022-0183
2022-05-14 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0183
2022-05-14 00:00:00
Important Photon OS Security Update - PHSA-2022-0393
2022-05-14 00:00:00
gentoo
gentoo
Redis: Multiple Vulnerabilities
2022-09-29 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00