{"id":"USN-6531-1","summary":"redis vulnerabilities","details":"Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled\ncertain specially crafted Lua scripts. An attacker could possibly use this\nissue to cause heap corruption and execute arbitrary code.\n(CVE-2022-24834)\n\nSeungHyun Lee discovered that Redis incorrectly handled specially crafted\ncommands. An attacker could possibly use this issue to trigger an integer\noverflow, which might cause Redis to allocate impossible amounts of memory,\nresulting in a denial of service via an application crash. (CVE-2022-35977)\n\nTom Levy discovered that Redis incorrectly handled crafted string matching\npatterns. An attacker could possibly use this issue to cause Redis to hang,\nresulting in a denial of service. (CVE-2022-36021)\n\nYupeng Yang discovered that Redis incorrectly handled specially crafted\ncommands. An attacker could possibly use this issue to trigger an integer\noverflow, resulting in a denial of service via an application crash.\n(CVE-2023-25155)\n\nIt was discovered that Redis incorrectly handled a specially crafted\ncommand. An attacker could possibly use this issue to create an invalid\nhash field, which could potentially cause Redis to crash on future access.\n(CVE-2023-28856)\n\nAlexander Aleksandrovič Klimov discovered that Redis incorrectly listened\nto a Unix socket before setting proper permissions. A local attacker could\npossibly use this issue to connect, bypassing intended permissions.\n(CVE-2023-45145)\n","modified":"2026-02-10T04:43:26Z","published":"2023-12-05T16:35:31Z","related":["UBUNTU-CVE-2022-24834","UBUNTU-CVE-2022-35977","UBUNTU-CVE-2022-36021","UBUNTU-CVE-2023-25155","UBUNTU-CVE-2023-28856","UBUNTU-CVE-2023-45145"],"upstream":["CVE-2022-24834","CVE-2022-35977","CVE-2022-36021","CVE-2023-25155","CVE-2023-28856","CVE-2023-45145","UBUNTU-CVE-2022-24834","UBUNTU-CVE-2022-35977","UBUNTU-CVE-2022-36021","UBUNTU-CVE-2023-25155","UBUNTU-CVE-2023-28856","UBUNTU-CVE-2023-45145"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6531-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-24834"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-35977"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-36021"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-25155"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-28856"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-45145"}],"affected":[{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm3?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:2.8.4-2ubuntu0.2+esm3"}]}],"versions":["2:2.6.13-1","2:2.6.16-3","2:2.8.0-1","2:2.8.2-1","2:2.8.4-2","2:2.8.4-2ubuntu0.2","2:2.8.4-2ubuntu0.2+esm1","2:2.8.4-2ubuntu0.2+esm2"],"ecosystem_specific":{"binaries":[{"binary_name":"redis-server","binary_version":"2:2.8.4-2ubuntu0.2+esm3"},{"binary_name":"redis-tools","binary_version":"2:2.8.4-2ubuntu0.2+esm3"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2022-24834","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-35977","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-36021","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-25155","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-28856","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-45145","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6531-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm2?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.0.6-1ubuntu0.4+esm2"}]}],"versions":["2:3.0.3-3","2:3.0.5-1","2:3.0.5-2","2:3.0.5-3","2:3.0.5-4","2:3.0.6-1","2:3.0.6-1ubuntu0.2","2:3.0.6-1ubuntu0.3","2:3.0.6-1ubuntu0.4","2:3.0.6-1ubuntu0.4+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"redis-sentinel","binary_version":"2:3.0.6-1ubuntu0.4+esm2"},{"binary_name":"redis-server","binary_version":"2:3.0.6-1ubuntu0.4+esm2"},{"binary_name":"redis-tools","binary_version":"2:3.0.6-1ubuntu0.4+esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2022-24834","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-35977","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-36021","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-25155","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-28856","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-45145","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6531-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm4?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5:4.0.9-1ubuntu0.2+esm4"}]}],"versions":["4:4.0.1-7","4:4.0.2-6","4:4.0.2-9","5:4.0.5-1","5:4.0.6-1","5:4.0.6-2","5:4.0.7-1","5:4.0.8-1","5:4.0.8-2","5:4.0.9-1","5:4.0.9-1ubuntu0.1","5:4.0.9-1ubuntu0.2","5:4.0.9-1ubuntu0.2+esm2","5:4.0.9-1ubuntu0.2+esm3"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:4.0.9-1ubuntu0.2+esm4"},{"binary_name":"redis-sentinel","binary_version":"5:4.0.9-1ubuntu0.2+esm4"},{"binary_name":"redis-server","binary_version":"5:4.0.9-1ubuntu0.2+esm4"},{"binary_name":"redis-tools","binary_version":"5:4.0.9-1ubuntu0.2+esm4"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2022-24834","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-35977","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-36021","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-25155","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-28856","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-45145","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6531-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5:5.0.7-2ubuntu0.1+esm2"}]}],"versions":["5:5.0.5-2build1","5:5.0.6-1","5:5.0.7-1","5:5.0.7-2","5:5.0.7-2ubuntu0.1~esm1","5:5.0.7-2ubuntu0.1","5:5.0.7-2ubuntu0.1+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:5.0.7-2ubuntu0.1+esm2"},{"binary_name":"redis-sentinel","binary_version":"5:5.0.7-2ubuntu0.1+esm2"},{"binary_name":"redis-server","binary_version":"5:5.0.7-2ubuntu0.1+esm2"},{"binary_name":"redis-tools","binary_version":"5:5.0.7-2ubuntu0.1+esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2022-24834","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-35977","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-36021","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-25155","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-28856","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-45145","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6531-1.json"}},{"package":{"name":"redis","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1+esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5:6.0.16-1ubuntu1+esm1"}]}],"versions":["5:6.0.15-1","5:6.0.16-1","5:6.0.16-1build1","5:6.0.16-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"redis","binary_version":"5:6.0.16-1ubuntu1+esm1"},{"binary_name":"redis-sentinel","binary_version":"5:6.0.16-1ubuntu1+esm1"},{"binary_name":"redis-server","binary_version":"5:6.0.16-1ubuntu1+esm1"},{"binary_name":"redis-tools","binary_version":"5:6.0.16-1ubuntu1+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2022-24834","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-35977","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2022-36021","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-25155","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-28856","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2023-45145","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6531-1.json"}}],"schema_version":"1.7.3"}