Redis for Debian and Ubuntu is vulnerable to CVE-2022-24834

Reginaldo Silva reginaldo at ubercomp.com
Mon Jul 17 14:37:44 UTC 2023


Hi Chris, as well as Debian and Ubuntu security teams

I'm sending this as a heads-up for you folks to pick up last week's
Redis bugfix if you haven't already, especially
https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6

eval 'return cjson.encode(string.rep("a", 357913941))' 0

would be a crasher for this. I have no plans to release any PoCs
publicly this time, at least not until the vast majority of people are
patched.

Best regards,

Reginaldo


