Bugzilla – Bug 1198953
VUL-0: CVE-2022-24736: redis: Lua NULL pointer dereference
Last modified: 2023-01-25 19:17:22 UTC
In Redis before 6.2.7, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process.
References: https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES
bump to 6.2.7 https://build.opensuse.org/request/show/973269
affected:
SUSE:SLE-15-SP2:Update
SUSE:SLE-15-SP4:Update
SUSE:SLE-15-SP4:GA
openSUSE:Backports:SLE-12
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24736
https://github.com/redis/redis/pull/10651
https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
https://github.com/redis/redis/releases/tag/7.0.0
https://github.com/redis/redis/releases/tag/6.2.7
SUSE-SU-2022:1842-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1198952,1198953
CVE References: CVE-2022-24735,CVE-2022-24736
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): redis-6.0.14-150200.6.11.1
SUSE Linux Enterprise Module for Server Applications 15-SP3 (src): redis-6.0.14-150200.6.11.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1929-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1198952,1198953
CVE References: CVE-2022-24735,CVE-2022-24736
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): redis-6.2.6-150400.3.3.7
SUSE Linux Enterprise Module for Server Applications 15-SP4 (src): redis-6.2.6-150400.3.3.7
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.