CVE-2022-0543

10.0 CRITICAL CISA KEV - Actively Exploited

Published: February 18, 2022 Modified: November 10, 2025

Description

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html

Source: security@debian.org

Exploit Third Party Advisory VDB Entry

https://bugs.debian.org/1005787

Source: security@debian.org

Issue Tracking Patch Third Party Advisory

https://lists.debian.org/debian-security-announce/2022/msg00048.html

Source: security@debian.org

Mailing List Third Party Advisory

https://security.netapp.com/advisory/ntap-20220331-0004/

Source: security@debian.org

Third Party Advisory

https://www.debian.org/security/2022/dsa-5081

Source: security@debian.org

Mailing List Third Party Advisory

https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce

Source: security@debian.org

Third Party Advisory

http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html