Main Vulnerability Database Exploits ID:9477 - Exploit for Code Injection in redis (Debian package) - CVE-2022-0543

ID:9477 - Exploit for Code Injection in redis (Debian package) - CVE-2022-0543

Published: January 2, 2024

Vulnerability identifier: #VU60741

Vulnerability risk: Medium

CVE-ID: CVE-2022-0543

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
redis (Debian package)

Link to public exploit:

https://github.com/0x7eTeam/CVE-2022-0543

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation, related to Linux Debian specific Lua sandbox escape. A remote attacker with ability to control data stored in the Redis database can inject and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

ID:9477 - Exploit for Code Injection in redis (Debian package) - CVE-2022-0543

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human