CVE-2022-0543: Code Execution vulnerability on Redis Redis, Debian Debian Linux

Vulnerability Details : CVE-2022-0543

CVE Name: CVE-2022-0543: Code Execution vulnerability on Redis Redis, Debian Debian Linux

Description: It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Publish date: 2022-02-18T20:15Z

Last Update: 2022-04-27T21:15Z

CVSS Scores & Vulnerability Types

CVSS Score	10.0
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH
Actack Vector	NETWORK
Actack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	CHANGED
Vulnerability Type(s)	Code Execution
CWE ID	N/I

Products Affected By CVE-2022-0543

#	Vendor	Product	Vulnerable Versions
1	Redis	Redis	1
2	Debian	Debian Linux	3

Detail of Verions Affected

#	Product Type	Vendor	Product	Version
1	Application	Redis	Redis
2	Operating System	Debian	Debian Linux	9.0
3	Operating System	Debian	Debian Linux	10.0
4	Operating System	Debian	Debian Linux	11.0

References For CVE-2022-0543

Hyperlink	Resource
https://bugs.debian.org/1005787	Issue Tracking, Patch, Third Party Advisory
https://www.debian.org/security/2022/dsa-5081	Mailing List, Third Party Advisory
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce	Third Party Advisory
https://lists.debian.org/debian-security-announce/2022/msg00048.html	Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0004/
http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html