Bug 1198953 - (CVE-2022-24736) VUL-0: CVE-2022-24736: redis: Lua NULL pointer dereference
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.3
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Normal
Target Milestone: ---
Assigned To: Security Team bot
QA Contact: E-mail List
Whiteboard: CVSSv3.1:SUSE:CVE-2022-24736:3.3:(AV:...
Depends on:
Blocks:
Reported: 2022-04-27 21:14 UTC by Andreas Stieger
Modified: 2023-01-25 19:17 UTC (History)
CC List: 2 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Description Andreas Stieger 2022-04-27 21:14:44 UTC
In Redis before 6.2.7, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process.

References:
https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES
Comment 1 Andreas Stieger 2022-04-27 21:23:58 UTC
bump to 6.2.7 https://build.opensuse.org/request/show/973269
Comment 5 Swamp Workflow Management 2022-05-25 16:16:10 UTC
SUSE-SU-2022:1842-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1198952,1198953
CVE References: CVE-2022-24735,CVE-2022-24736
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    redis-6.0.14-150200.6.11.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src):    redis-6.0.14-150200.6.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2022-06-02 19:18:46 UTC
SUSE-SU-2022:1929-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1198952,1198953
CVE References: CVE-2022-24735,CVE-2022-24736
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    redis-6.2.6-150400.3.3.7
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src):    redis-6.2.6-150400.3.3.7

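The two advisories above fix the issue by backporting the patch into redis 6.0.14 and 6.2.6 builds, so a scanner that only compares the upstream version against "6.2.7" will keep reporting a patched Leap host as vulnerable. The following added example (not code from the bug report, SUSE or the redis project) compares an installed package against the advisory's fixed build the way rpm does, with a port of rpm's version comparison. It assumes the installed package string is the usual `rpm -q redis` output in name-version-release.arch form; the fixed builds are the ones listed in the two advisory comments, while the pre-update release number in the sample is hypothetical.

```python
import re

# Fixed builds from SUSE-SU-2022:1842-1 and SUSE-SU-2022:1929-1 (the advisory comments above).
FIXED_BUILDS = {
    "openSUSE Leap 15.3": "redis-6.0.14-150200.6.11.1",
    "openSUSE Leap 15.4": "redis-6.2.6-150400.3.3.7",
}

# Assumption: `rpm -q redis` prints name-version-release optionally followed by .arch
_NVRA = re.compile(
    r"^(?P<name>.+)-(?P<ver>[^-]+)-(?P<rel>[^-]+?)"
    r"(?:\.(?P<arch>x86_64|aarch64|ppc64le|s390x|i586|noarch))?$"
)


def parse_nvra(s):
    """Split 'name-version-release[.arch]' into (name, version, release)."""
    m = _NVRA.match(s.strip())
    if not m:
        raise ValueError(f"not an N-V-R[.A] string: {s!r}")
    return m.group("name"), m.group("ver"), m.group("rel")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # separators other than '~' and '^' are ignored
        while i < la and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < lb and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        # tilde sorts before everything, including the end of the string
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        # caret is like tilde, except that the end of the string sorts lower
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # take the next all-digit or all-alpha segment from both sides
        si, sj = i, j
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        while i < la and pred(a[i]):
            i += 1
        while j < lb and pred(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:
            return 1 if isnum else -1  # numeric segments beat alpha segments
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1


def is_fixed(installed, fixed):
    """True when the installed build is the advisory's build or newer (version, then release)."""
    n1, v1, r1 = parse_nvra(installed)
    n2, v2, r2 = parse_nvra(fixed)
    if n1 != n2:
        raise ValueError(f"package name mismatch: {n1} vs {n2}")
    return (rpmvercmp(v1, v2) or rpmvercmp(r1, r2)) >= 0


def naive_upstream_check(installed, upstream_fixed="6.2.7"):
    """What an upstream-version-only scanner does; wrong for backported fixes."""
    _, v, _ = parse_nvra(installed)
    return rpmvercmp(v, upstream_fixed) >= 0


# Constructed sample `rpm -q redis` outputs; the 150200.6.8.1 release is hypothetical.
SAMPLES = {
    "leap153-pre-update": "redis-6.0.14-150200.6.8.1.x86_64",
    "leap153-advisory": "redis-6.0.14-150200.6.11.1.x86_64",
    "leap154-advisory": "redis-6.2.6-150400.3.3.7.x86_64",
}

if __name__ == "__main__":
    for label, nvra in SAMPLES.items():
        product = "openSUSE Leap 15.3" if "150200" in nvra else "openSUSE Leap 15.4"
        print(label, "fixed:", is_fixed(nvra, FIXED_BUILDS[product]),
              "naive upstream check:", naive_upstream_check(nvra))
```

The release component is what distinguishes the patched build from the unpatched one here; the version string stays 6.0.14 on Leap 15.3 and 6.2.6 on Leap 15.4, which is why the naive upstream comparison reports both advisory builds as still vulnerable.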