Bug 1213193 (CVE-2022-24834) - VUL-0: CVE-2022-24834: redis: heap overflow in the cjson and cmsgpack libraries
Summary: VUL-0: CVE-2022-24834: redis: heap overflow in the cjson and cmsgpack libraries
Status: RESOLVED FIXED
Alias: CVE-2022-24834
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/371742/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-24834:7.0:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-11 05:38 UTC by Alexander Bergmann
Modified: 2023-08-31 10:34 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2023-07-11 05:38:11 UTC 
CVE-2022-24834

CVE-2022-24834 - A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24834
https://bugzilla.redhat.com/show_bug.cgi?id=2221662
Comment 4 Maintenance Automation 2023-07-20 20:40:08 UTC 
SUSE-SU-2023:2925-1: An update that solves six vulnerabilities can now be installed.

Category: security (important)
Bug References: 1208790, 1208793, 1209528, 1210548, 1213193, 1213249
CVE References: CVE-2022-24834, CVE-2022-36021, CVE-2023-25155, CVE-2023-28425, CVE-2023-28856, CVE-2023-36824
Sources used:
openSUSE Leap 15.5 (src): redis7-7.0.8-150500.3.3.1
Server Applications Module 15-SP5 (src): redis7-7.0.8-150500.3.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2023-07-20 20:40:11 UTC 
SUSE-SU-2023:2924-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1213193
CVE References: CVE-2022-24834
Sources used:
openSUSE Leap 15.4 (src): redis-6.2.6-150400.3.22.1
openSUSE Leap 15.5 (src): redis-6.2.6-150400.3.22.1
Server Applications Module 15-SP4 (src): redis-6.2.6-150400.3.22.1
Server Applications Module 15-SP5 (src): redis-6.2.6-150400.3.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2023-08-23 20:30:07 UTC 
SUSE-SU-2023:3407-1: An update that solves two vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1210548, 1213193
CVE References: CVE-2022-24834, CVE-2023-28856
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Real Time 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): redis-6.0.14-150200.6.26.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): redis-6.0.14-150200.6.26.1
SUSE Manager Proxy 4.2 (src): redis-6.0.14-150200.6.26.1
SUSE Manager Retail Branch Server 4.2 (src): redis-6.0.14-150200.6.26.1
SUSE Manager Server 4.2 (src): redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7.1 (src): redis-6.0.14-150200.6.26.1
SUSE Enterprise Storage 7 (src): redis-6.0.14-150200.6.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.