CVE-2022-0543 - OpenCVE

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Redis	Redis

Configuration 1 [-]

AND

OR	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:21.10::::-:::
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html
https://bugs.debian.org/1005787
https://lists.debian.org/debian-security-announce/2022/msg00048.html
https://security.netapp.com/advisory/ntap-20220331-0004/
https://www.debian.org/security/2022/dsa-5081
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce

History

No history.

MITRE

Status: PUBLISHED

Assigner: debian

Published: 2022-02-18T19:25:16.932290Z

Updated: 2024-09-16T22:51:02.509Z

Reserved: 2022-02-08T00:00:00

Link: CVE-2022-0543

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-02-18T20:15:17.583

Modified: 2023-09-29T15:55:24.533

Link: CVE-2022-0543

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "redis", "vendor": "Debian", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2022-02-18T00:00:00", "descriptions": [{"lang": "en", "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution."}], "problemTypes": [{"descriptions": [{"description": "Lua sandbox escape", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-27T20:06:10", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/1005787"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"}, {"name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"}, {"name": "DSA-5081", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5081"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"}], "source": {"advisory": "DSA-5081-1", "discovery": "EXTERNAL"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2022-02-18T00:00:00.000Z", "ID": "CVE-2022-0543", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "redis", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Debian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Lua sandbox escape"}]}]}, "references": {"reference_data": [{"name": "https://bugs.debian.org/1005787", "refsource": "MISC", "url": "https://bugs.debian.org/1005787"}, {"name": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce", "refsource": "MISC", "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"}, {"name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"}, {"name": "DSA-5081", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5081"}, {"name": "https://security.netapp.com/advisory/ntap-20220331-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"}, {"name": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"}]}, "source": {"advisory": "DSA-5081-1", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T23:32:46.290Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/1005787"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"}, {"name": "[debian-security-announce] 20220218 [SECURITY] [DSA 5081-1] redis security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"}, {"name": "DSA-5081", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5081"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2022-0543", "datePublished": "2022-02-18T19:25:16.932290Z", "dateReserved": "2022-02-08T00:00:00", "dateUpdated": "2024-09-16T22:51:02.509Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-18", "cisaExploitAdd": "2022-03-28", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Debian-specific Redis Server Lua Sandbox Escape Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": false}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*", "matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6", "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": false}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EBE5E1C-C881-4A76-9E36-4FB7C48427E6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution."}, {"lang": "es", "value": "Se ha detectado que redis, una base de datos persistente de valores clave, debido a un problema de empaquetado, es propenso a un escape del sandbox de Lua (espec\u00edfico de Debian), que podr\u00eda resultar en una ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2022-0543", "lastModified": "2023-09-29T15:55:24.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-18T20:15:17.583", "references": [{"source": "security@debian.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html"}, {"source": "security@debian.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.debian.org/1005787"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-security-announce/2022/msg00048.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220331-0004/"}, {"source": "security@debian.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5081"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}