CVE-2022-24834

7.0 HIGH

📋 TL;DR

CVE-2022-24834 is a heap overflow vulnerability in Redis's cjson library that can be triggered via specially crafted Lua scripts. This can lead to heap corruption and potentially remote code execution. Only authenticated and authorized Redis users can exploit this vulnerability.

💻 Affected Systems

Products:
  • Redis
Versions: 2.6 through 7.0.11 (including the 6.2 branch up to 6.2.12 and the 6.0 branch up to 6.0.19)
Operating Systems: All operating systems running Redis
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Redis instances with Lua scripting enabled (default) and requires authenticated access.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the Redis process, potentially leading to full system compromise.

🟠 Likely Case: Redis service crash (denial of service) or limited memory corruption leading to unstable behavior.

🟢 If Mitigated: No impact if proper authentication controls prevent unauthorized access or if Lua scripting is disabled.

🌐 Internet-Facing: MEDIUM - Requires authenticated access, but internet-facing Redis instances with weak credentials are at higher risk.
🏢 Internal Only: MEDIUM - Internal attackers with valid credentials could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting specific Lua scripts and authenticated access to Redis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.12, 6.2.13, or 6.0.20

Vendor Advisory: https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838

Restart Required: Yes

Instructions:

1. Stop the Redis service.
2. Back up Redis data.
3. Upgrade Redis to a patched version.
4. Restart the Redis service.
5. Verify the version and functionality.

🔧 Temporary Workarounds

Disable Lua scripting (all platforms)

Prevents execution of the Lua scripts that trigger the vulnerability. Note that lua-time-limit only caps how long a script may run before SCRIPT KILL becomes available; it does not stop scripts from being executed, so CONFIG SET lua-time-limit 0 is not a mitigation. Scripting has to be blocked at the command level, either in redis.conf:

rename-command EVAL ""
rename-command EVALSHA ""

or, on Redis 6 and later, per user through ACLs (deny the scripting command category): ACL SETUSER <user> -@scripting

Restrict Redis access (all platforms)

Limit Redis to trusted networks and enforce strong authentication.

Configure the bind address in redis.conf: bind 127.0.0.1
Set requirepass in redis.conf: requirepass <strong-password>

🧯 If You Can't Patch

  • Implement strict network access controls to limit Redis exposure
  • Disable Lua scripting functionality entirely

🔍 How to Verify

Check if Vulnerable:

Check Redis version against affected ranges: 2.6 to 7.0.11, ≤6.2.12, ≤6.0.19

Check Version:

redis-cli --version reports the version of the redis-cli binary, not of the running server, and the two can differ. Query the server itself:

redis-cli INFO server | grep redis_version

or, on the host, redis-server --version

Verify Fix Applied:

Confirm Redis version is 7.0.12, 6.2.13, 6.0.20 or higher
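A branch-aware check of the redis_version reported by INFO server against the affected ranges above, written as an added example for this advisory (not code from the page or from the Redis project); the INFO text is a constructed sample, and the fixed-version cut-offs are the ones listed under Official Fix.

```python
import re
from typing import Tuple

# Fixed releases per the advisory: 7.0.12, 6.2.13, 6.0.20.
# The 6.0 and 6.2 maintenance branches have their own cut-offs; every other
# affected branch (2.6 up to 7.0.x) is fixed from 7.0.12 onward.
FIXED_BY_BRANCH = {(6, 0): (6, 0, 20), (6, 2): (6, 2, 13)}
FIXED_DEFAULT = (7, 0, 12)
FIRST_AFFECTED = (2, 6, 0)

# Constructed sample shaped like `redis-cli INFO server` output (CRLF lines).
SAMPLE_INFO = (
    "# Server\r\n"
    "redis_version:7.0.11\r\n"
    "redis_mode:standalone\r\n"
    "os:Linux 5.15.0 x86_64\r\n"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.0.11' into (7, 0, 11); a missing patch number counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable Redis version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def redis_version_from_info(info: str) -> str:
    """Extract the redis_version field from INFO server output."""
    for line in info.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key == "redis_version":
            return value
    raise ValueError("redis_version not found in INFO output")


def is_vulnerable_cve_2022_24834(version: str) -> bool:
    """True when the server version falls inside the affected ranges."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED_BY_BRANCH.get(v[:2], FIXED_DEFAULT)
    return v < fixed


def check_info(info: str) -> dict:
    """Report the running version and whether it needs patching."""
    version = redis_version_from_info(info)
    return {"version": version, "vulnerable": is_vulnerable_cve_2022_24834(version)}


if __name__ == "__main__":
    print(check_info(SAMPLE_INFO))
```

Feed it the real output of redis-cli INFO server rather than the sample; a 7.2.x or later server is reported as not affected because it is above the 7.0.12 cut-off.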

📡 Detection & Monitoring

Log Indicators:

  • Unusual Lua script execution patterns
  • Redis process crashes or abnormal terminations

Network Indicators:

  • Suspicious Lua script payloads sent to Redis port 6379

SIEM Query (illustrative; field names depend on your log source):

source="redis" AND (event="SCRIPT LOAD" OR event="EVAL") AND payload CONTAINS "cjson"

Redis's own server log does not record command arguments, so matching on script contents requires command-level auditing (for example MONITOR output, a proxy log, or network capture) being fed into the SIEM.
