Advisories » MGASA-2023-0246

Updated redis packages fix security vulnerability

Publication date: 23 Aug 2023
Modification date: 23 Aug 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-24834

Description

A specially crafted Lua script executing in Redis can trigger a heap
overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. (CVE-2022-24834)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32103
• https://github.com/redis/redis/releases/tag/6.0.20
• https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24834

SRPMS

8/core

• redis-6.0.20-1.mga8