CVE-2022-24834

HIGH

Redis 2.6.0-6.0.19 - Authenticated Heap-based Buffer Overflow via Lua Script Execution

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-24834. PoCs published by convisolabs, DukeSec97.

AI-analyzed exploit summary: This repository contains an improved exploit for CVE-2022-24834, a heap overflow vulnerability in the Lua interpreter included with Redis. The exploit leverages a heap overflow in the cjson library to achieve arbitrary memory read/write, leading to remote code execution (RCE).

Description

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, resulting in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

Exploits (2)

nomisec · Working PoC · 23 stars
by convisolabs · poc
https://github.com/convisolabs/CVE-2022-24834

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Redis (versions 5.0.7, 6.2.12, 7.0.11)
No auth needed
Prerequisites: Network access to vulnerable Redis instance · Lua scripting enabled in Redis
devstral-2 · analyzed Feb 16, 2026
nomisec · Working PoC
by DukeSec97 · poc
https://github.com/DukeSec97/CVE-2022-24834-

This PoC exploits CVE-2022-24834, a Lua sandbox escape in Redis, to achieve remote code execution (RCE) by sending a malicious Lua script that triggers a reverse shell. The exploit uses Redis' EVAL command to execute arbitrary commands on the target system.

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Redis (versions affected by CVE-2022-24834)
No auth needed
Prerequisites: Network access to Redis instance · Redis instance vulnerable to CVE-2022-24834
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.0
EPSS: 0.4292
EPSS Percentile: 98.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-122, CWE-680
Status: published
Products (3):
fedoraproject/fedora 37
fedoraproject/fedora 38
redis/redis 2.6.0 - 6.0.20
Published: Jul 13, 2023
Tracked Since: Feb 18, 2026