Several recently identified dangerous vulnerabilities:
- CVE-2022-24834 – A vulnerability has been found in the DBMS REDIS, allowing for Buffer overflow in the CJSON and CMSGPACK libraries when executing a specially designed scenario in LUA. This vulnerability can potentially lead to remote code execution on the server. It affects Redis versions starting from 2.6 and has been fixed in releases 7.0.12, 6.2.13, and 6.0.20. As a workaround, Redis users can prohibit the usage of Eval and Evalsha commands.
- CVE-2023-36824 – Another vulnerability has been discovered in the DBMS REDIS, resulting in Buffer overflow when processing keys transferred through the Command Getkeys or Command Getkeysandflags command, as well as the ACL key lists. This vulnerability can potentially lead to remote code execution on the server. It only affects the 7.0.X branch and has been resolved in release 7.0.12.
- CVE-2022-23537 – A vulnerability has been found in the communications platform Asterisk, leading to buffer overflow when analyzing the server with specially designed Stun messages that indicate an unknown attribute. This vulnerability is manifested when using ICE or WebRTC protocols in Asterisk and has been fixed in releases 16.30.1, 18.18.1, 19.8.1, and 20.3.1.
/Reports, release notes, official announcements.