Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-0543
PUBLISHED
More InfoOfficial Page
Assigner-debian
Assigner Org ID-79363d38-fa19-49d1-9214-5f28da3f3ac5
View Known Exploited Vulnerability (KEV) details
Published At-18 Feb, 2022 | 19:25
Updated At-21 Oct, 2025 | 23:15
Rejected At-
▼CVE Numbering Authority (CNA)

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

Affected Products
Vendor
Debian GNU/LinuxDebian
Product
redis
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/ALua sandbox escape
Type: text
CWE ID: N/A
Description: Lua sandbox escape
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugs.debian.org/1005787
x_refsource_MISC
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
x_refsource_MISC
https://lists.debian.org/debian-security-announce/2022/msg00048.html
mailing-list
x_refsource_MLIST
https://www.debian.org/security/2022/dsa-5081
vendor-advisory
x_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-20220331-0004/
x_refsource_CONFIRM
http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html
x_refsource_MISC
Hyperlink: https://bugs.debian.org/1005787
Resource:
x_refsource_MISC
Hyperlink: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
Resource:
x_refsource_MISC
Hyperlink: https://lists.debian.org/debian-security-announce/2022/msg00048.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://www.debian.org/security/2022/dsa-5081
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://security.netapp.com/advisory/ntap-20220331-0004/
Resource:
x_refsource_CONFIRM
Hyperlink: http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugs.debian.org/1005787
x_refsource_MISC
x_transferred
https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
x_refsource_MISC
x_transferred
https://lists.debian.org/debian-security-announce/2022/msg00048.html
mailing-list
x_refsource_MLIST
x_transferred
https://www.debian.org/security/2022/dsa-5081
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://security.netapp.com/advisory/ntap-20220331-0004/
x_refsource_CONFIRM
x_transferred
http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html
x_refsource_MISC
x_transferred
Hyperlink: https://bugs.debian.org/1005787
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://lists.debian.org/debian-security-announce/2022/msg00048.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://www.debian.org/security/2022/dsa-5081
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20220331-0004/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2022-03-28
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0543
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2022-0543 added to CISA KEV2022-03-28 00:00:00
Event: CVE-2022-0543 added to CISA KEV
Date: 2022-03-28 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0543
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0543
Resource:
government-resource
Details not found