CVE-2022-0543

Published: 18 February 2022

It was discovered that redis, a persistent key-value database, is prone, due to a packaging issue, to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

From the Ubuntu security team

Reginaldo Silva discovered that due to a packaging issue, a remote attacker with the ability to execute arbitrary Lua scripts could possibly escape the Lua sandbox and execute arbitrary code on the host.

Priority

Medium

CVSS 3 base score: 10.0

Status

Package: redis (Launchpad, Ubuntu, Debian)

Release   Status
bionic    Not vulnerable (code not present)
focal     Released (5:5.0.7-2ubuntu0.1)
impish    Released (5:6.0.15-1ubuntu0.1)
trusty    Not vulnerable (code not present)
upstream  Released (6.0.16-1+deb11u2)
xenial    Ignored (out of standard support)