You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2022 24736
About this tag
CVE-2022-24736 is a denial-of-service vulnerability in Redis that allows a malformed Lua script to trigger a NULL-pointer dereference, crashing the redis-server process. The flaw was fixed upstream in Redis versions 6.2.7 and 7.0.0. For environments that cannot immediately patch, practical mitigations include blocking SCRIPT LOAD and EVAL commands using ACLs, and restricting which users can submit Lua code to Redis. This tag covers discussions on the vulnerability details, patching strategies, and mitigation best practices for securing Redis deployments against this specific Lua-based DoS attack.
A malformed Lua script that reaches Redis’ embedded interpreter can trigger a NULL-pointer dereference and crash redis-server, a denial‑of‑service flaw tracked as CVE‑2022‑24736 that was fixed upstream in Redis 6.2.7 and 7.0.0; the practical mitigations for environments that cannot immediately...