Bug 1213193 (CVE-2022-24834)

Summary: VUL-0: CVE-2022-24834: redis: heap overflow in the cjson and cmsgpack libraries
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: cathy.hu, danilo.spinella, security-team, stoyan.manolov
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/371742/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-24834:7.0:(AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2023-07-11 05:38:11 UTC 
CVE-2022-24834

CVE-2022-24834 - A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24834
https://bugzilla.redhat.com/show_bug.cgi?id=2221662
Comment 4 Maintenance Automation 2023-07-20 20:40:08 UTC 
SUSE-SU-2023:2925-1: An update that solves six vulnerabilities can now be installed.

Category: security (important)
Bug References: 1208790, 1208793, 1209528, 1210548, 1213193, 1213249
CVE References: CVE-2022-24834, CVE-2022-36021, CVE-2023-25155, CVE-2023-28425, CVE-2023-28856, CVE-2023-36824
Sources used:
openSUSE Leap 15.5 (src): redis7-7.0.8-150500.3.3.1
Server Applications Module 15-SP5 (src): redis7-7.0.8-150500.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2023-07-20 20:40:11 UTC 
SUSE-SU-2023:2924-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213193
CVE References: CVE-2022-24834
Sources used:
openSUSE Leap 15.4 (src): redis-6.2.6-150400.3.22.1
openSUSE Leap 15.5 (src): redis-6.2.6-150400.3.22.1
Server Applications Module 15-SP4 (src): redis-6.2.6-150400.3.22.1
Server Applications Module 15-SP5 (src): redis-6.2.6-150400.3.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-08-23 20:30:07 UTC 
SUSE-SU-2023:3407-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1210548, 1213193
CVE References: CVE-2022-24834, CVE-2023-28856
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Real Time 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Manager Proxy 4.2 (src): redis-6.0.14-150200.6.26.1
SUSE Manager Retail Branch Server 4.2 (src): redis-6.0.14-150200.6.26.1
SUSE Manager Server 4.2 (src): redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7.1 (src): redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7 (src): redis-6.0.14-150200.6.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.