FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis -- Heap overflow in the cjson and cmsgpack libraries

Affected packages
redis < 7.0.12
redis-devel <
redis62 < 6.2.13
redis60 < 6.0.20


VuXML ID 0e254b4a-1f37-11ee-a475-080027f5fec9
Discovery 2023-07-10
Entry 2023-07-10

Redis core team reports:

A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.


CVE Name CVE-2022-24834