Critical malicious code vulnerability in Redis in-memory database closed

Critical malicious code vulnerability in Redis in-memory database closed

If you use Redis in-memory database under Debian or Ubuntu, for example for caching, you should update the system for security reasons. In the worst case, attackers can run malicious code on Redis servers.

The vulnerability (CVE-2022-0543) is identified as “FragileWith the highest rating (CVSS score 10/10). According to the discoverer of the interval The vulnerability does not directly affect Redis, but Debian/Ubuntu, the scripting language Lua, and the interaction of the in-memory database.

Problems arise when cleaning up variables. If attackers start there, they can break out of the Lua sandbox and execute malicious code in the host system, the security researchers warn. According to him, other Debian derivatives may also be at risk.

safe on the other hand Debian– And UbuntuVersions are available for download from February/March 2022. Since the exploit code is already available, The US Cyber ​​Security and Infrastructure Security Agency (CISA) is now warning of possible attacks,


(Of)

on home page

See also  Hands on No: iOS 14 Beta 7 changes and features [Video]

LEAVE A REPLY

Please enter your comment!
Please enter your name here