Vulnerability Name:

CVE-2022-24736 (CCN-225345)

Assigned:2022-04-27
Published:2022-04-27
Updated:2022-10-07
Summary:Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference, which results in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. If Lua scripting is not being used, an additional workaround that mitigates the problem without patching the redis-server executable is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): High
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
3.3 Low (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
2.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type:CWE-476
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-24736

Source: XF
Type: UNKNOWN
redis-cve202224736-dos(225345)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/redis/redis/pull/10651

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/redis/redis/releases/tag/6.2.7

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/redis/redis/releases/tag/7.0.0

Source: CCN
Type: Redis GIT Repository
A Malformed Lua script can crash Redis

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-44373f6778

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-6ed1ce2838

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-a0a4c7eb31

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-17

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220715-0003/

Source: CCN
Type: IBM Security Bulletin 6608610 (DataPower Gateway)
IBM DataPower Gateway affected by vulnerabilities in Redis

Source: CCN
Type: IBM Security Bulletin 6825545 (Event Streams)
Vulnerabilities in Redis affect IBM Event Streams (CVE-2022-24736, CVE-2022-24735)

Source: CCN
Type: IBM Security Bulletin 6842235 (Spectrum Protect Plus)
Vulnerabilities in Redis affect IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift (CVE-2022-24736, CVE-2022-24735)

Source: CCN
Type: IBM Security Bulletin 6999327 (Qradar Advisor)
IBM QRadar Advisor With Watson App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-24736

Vulnerable Configuration:Configuration 1:
  • cpe:/a:redis:redis:7.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:redis:redis:7.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:redis:redis:7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:redis:redis:*:*:*:*:*:*:*:* (Version < 6.2.7)

  • Configuration 2:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*
  • OR cpe:/a:netapp:management_services_for_netapp_hci:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:redislabs:redis:6.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:redislabs:redis:6.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:redislabs:redis:5.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:redislabs:redis:6.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:redislabs:redis:6.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:redislabs:redis:5.0.14:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:datapower_gateway:10.5.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:com.redhat.rhsa:def:20228096 | P | RHSA-2022:8096: redis security and bug fix update (Low) | 2022-11-15
    oval:com.redhat.rhsa:def:20227541 | P | RHSA-2022:7541: redis:6 security, bug fix, and enhancement update (Low) | 2022-11-08
    oval:org.opensuse.security:def:3757 | P | ppp-2.4.7-3.4 on GA media (Moderate) | 2022-06-28
    oval:org.opensuse.security:def:95390 | P | Security update for redis (Moderate) | 2022-06-02
    oval:org.opensuse.security:def:514 | P | Security update for redis (Moderate) | 2022-06-02
    oval:org.opensuse.security:def:1670 | P | Security update for redis (Moderate) | 2022-05-25
    redis redis 7.0 rc2
    redis redis 7.0 rc3
    redis redis 7.0 rc1
    redis redis *
    fedoraproject fedora 34
    fedoraproject fedora 35
    fedoraproject fedora 36
    netapp management services for element software -
    netapp management services for netapp hci -
    oracle communications operations monitor 4.3
    oracle communications operations monitor 4.4
    oracle communications operations monitor 5.0
    redislabs redis 6.2.5
    redislabs redis 6.0.15
    redislabs redis 5.0.13
    redislabs redis 6.2.6
    redislabs redis 6.0.16
    redislabs redis 5.0.14
    ibm datapower gateway 2018.4.1.0
    ibm spectrum protect plus 10.1.5
    ibm event streams 10.0.0
    ibm event streams 10.1.0
    ibm datapower gateway 10.0.1.0
    ibm spectrum protect plus 10.1.7
    ibm event streams 10.2.0
    ibm event streams 10.3.0
    ibm event streams 10.3.1
    ibm datapower gateway 10.0.4.0
    ibm datapower gateway 10.5.0.0