Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0693 advisory.

    Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can     contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data     set. You can persist it either by dumping the data set to disk every once in a while, or by appending each     command to a log.

    Security Fix(es):

    * redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)

    * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)

    * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)

    * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)

    * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0595 advisory.

    Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can     contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data     set. You can persist it either by dumping the data set to disk every once in a while, or by appending each     command to a log.

    Security Fix(es):

    * redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service     (CVE-2023-22458)

    * redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic     (CVE-2022-35977)

    * redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer     overflow (CVE-2022-36021)

    * redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a     denial-of-service attack (CVE-2023-25155)

    * redis: Insufficient validation of HINCRBYFLOAT command (CVE-2023-28856)

    * redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)

    * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)

    * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)

    * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)

    * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:0595 advisory.

    * redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service     (CVE-2023-22458)

    * redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic     (CVE-2022-35977)

    * redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer     overflow (CVE-2022-36021)

    * redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a     denial-of-service attack (CVE-2023-25155)

    * redis: Insufficient validation of HINCRBYFLOAT command (CVE-2023-28856)

    * redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)

    * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)

    * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)

    * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)

    * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-0693 advisory.

    -- rebase to 6.2.17 for CVE-2024-46981

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0693 advisory.

    * redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)
      * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)
      * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)
      * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)
      * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-0595 advisory.

    - rebase to 6.2.17 for CVE-2024-46981

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:0595 advisory.

    * redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service     (CVE-2023-22458)
      * redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM     panic (CVE-2022-35977)
      * redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer     overflow (CVE-2022-36021)
      * redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a     denial-of-service attack (CVE-2023-25155)
      * redis: Insufficient validation of HINCRBYFLOAT command (CVE-2023-28856)
      * redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)
      * redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)
      * redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)
      * redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)
      * redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3885 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3885-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                           Chris Lamb     September 10, 2024                            https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : redis     Version        : 5:6.0.16-1+deb11u3     CVE IDs        : CVE-2023-45145 CVE-2023-28856 CVE-2023-25155 CVE-2022-36021 CVE-2022-24834     Debian Bugs    : 1032279 1034613 1054225

    It was discovered that there were a number of issues in Redis, a popular     key-value database:

     * CVE-2023-45145: On startup, Redis began listening on a Unix        socket before adjusting its permissions to the user-provided        configuration. If a permissive umask(2) was used, this created a        race condition that enabled, during a short period of time,        another process to establish an otherwise unauthorized connection.

     * CVE-2023-28856: Authenticated users could have used the        HINCRBYFLOAT command to create an invalid hash field that would        have crashed the Redis server on access.

     * CVE-2023-25155: Authenticated users issuing specially crafted        SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an        integer overflow, resulting in a runtime assertion and termination        of the Redis server process.

     * CVE-2022-36021: Authenticated users can use string matching        commands (like SCAN or KEYS) with a specially crafted pattern to        trigger a denial-of-service attack on Redis, causing it to hang        and consume 100% CPU time.

     * CVE-2022-24834: A specially-crafted Lua script executing in Redis        could have triggered a heap overflow in the cjson and cmsgpack        libraries and result in heap corruption and potentially remote        code execution.


    For Debian 11 bullseye, these problems have been fixed in version     5:6.0.16-1+deb11u3.

    We recommend that you upgrade your redis packages.

    For the detailed security status of redis please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/redis

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202408-05 (Redis: Multiple Vulnerabilities)

    Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below     for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the redis package has been released.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5610 advisory.

  - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis     can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote     code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6,     and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and     6.0.20. (CVE-2022-24834)

  - Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names     from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading     random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead     to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and     authenticated users who were set with ACL rules that match key names, executing a specially crafted     command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.
    (CVE-2023-36824)

  - Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by     `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly     authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis     7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
    (CVE-2023-41053)

  - Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers     which can result in integer overflow that leads to heap overflow and potential remote code execution. This     issue has been patched in version 7.0.15 and 7.2.4. (CVE-2023-41056)

  - Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket     before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used,     this creates a race condition that enables, during a short period of time, another process to establish an     otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been     addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to     upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a     restrictive umask, or storing the Unix socket file in a protected directory. (CVE-2023-45145)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6531-1 advisory.

    Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua     scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code.
    (CVE-2022-24834)

    SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could     possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible     amounts of memory, resulting in a denial of service via an application crash. (CVE-2022-35977)

    Tom Levy discovered that Redis incorrectly handled crafted string matching patterns. An attacker could     possibly use this issue to cause Redis to hang, resulting in a denial of service. (CVE-2022-36021)

    Yupeng Yang discovered that Redis incorrectly handled specially crafted commands. An attacker could     possibly use this issue to trigger an integer overflow, resulting in a denial of service via an     application crash. (CVE-2023-25155)

    It was discovered that Redis incorrectly handled a specially crafted command. An attacker could possibly     use this issue to create an invalid hash field, which could potentially cause Redis to crash on future     access. (CVE-2023-28856)

    Alexander Aleksandrovi Klimov discovered that Redis incorrectly listened to a Unix socket before setting     proper permissions. A local attacker could possibly use this issue to connect, bypassing intended     permissions. (CVE-2023-45145)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of redis installed on the remote host is prior to 6.2.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2023-002 advisory.

    A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an     authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap     overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code     execution. (CVE-2022-24834)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3407-1 advisory.

  - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis     can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote     code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6,     and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and     6.0.20. (CVE-2022-24834)

  - Redis is an open source, in-memory database that persists on disk. Authenticated users can use the     `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected     versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to     upgrade. There are no known workarounds for this issue. (CVE-2023-28856)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-291 advisory.

    A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an     authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap     overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote code     execution. (CVE-2022-24834)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2925-1 advisory.

  - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis     can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote     code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6,     and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and     6.0.20. (CVE-2022-24834)

  - Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands     (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis,     causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11,     7.0.9. (CVE-2022-36021)

  - Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted     `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a     runtime assertion and termination of the Redis server process. This problem affects all Redis versions.
    Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. (CVE-2023-25155)

  - Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version     7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of     the Redis server process. The problem is fixed in Redis version 7.0.10. (CVE-2023-28425)

  - Redis is an open source, in-memory database that persists on disk. Authenticated users can use the     `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected     versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to     upgrade. There are no known workarounds for this issue. (CVE-2023-28856)

  - Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names     from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading     random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead     to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and     authenticated users who were set with ACL rules that match key names, executing a specially crafted     command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.
    (CVE-2023-36824)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:2924-1 advisory.

  - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis     can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote     code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6,     and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and     6.0.20. (CVE-2022-24834)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c406ba1ff6 advisory.

    **Redis 7.0.12** -   Released Mon July 10 12:00:00 IDT 2023

    Upgrade urgency SECURITY: See security fixes below.

    Security Fixes:

    *    (**CVE-2022-24834**) A specially crafted Lua script executing in Redis can trigger         a heap overflow in the cjson and cmsgpack libraries, and result in heap         corruption and potentially remote code execution. The problem exists in all         versions of Redis with Lua scripting support, starting from 2.6, and affects         only authenticated and authorized users.
    *    (**CVE-2023-36824**) Extracting key names from a command and a list of arguments         may, in some cases, trigger a heap overflow and result in reading random heap         memory, heap corruption and potentially remote code execution. Specifically:
        using COMMAND GETKEYS* and validation of key names in ACL rules.

    Bug Fixes

    * Re-enable downscale rehashing while there is a fork child (#12276)
    * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with `<count>` (#12276)
    * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction (#12276)
    * Fix WAIT to be effective after a blocked module command being unblocked (#12220)
    * Avoid unnecessary full sync after master restart in a rare case (#12088)



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-800612d23a advisory.

    **Redis 7.0.12** -   Released Mon July 10 12:00:00 IDT 2023

    Upgrade urgency SECURITY: See security fixes below.

    Security Fixes:

    *    (**CVE-2022-24834**) A specially crafted Lua script executing in Redis can trigger         a heap overflow in the cjson and cmsgpack libraries, and result in heap         corruption and potentially remote code execution. The problem exists in all         versions of Redis with Lua scripting support, starting from 2.6, and affects         only authenticated and authorized users.
    *    (**CVE-2023-36824**) Extracting key names from a command and a list of arguments         may, in some cases, trigger a heap overflow and result in reading random heap         memory, heap corruption and potentially remote code execution. Specifically:
        using COMMAND GETKEYS* and validation of key names in ACL rules.

    Bug Fixes

    * Re-enable downscale rehashing while there is a fork child (#12276)
    * Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with `<count>` (#12276)
    * Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction (#12276)
    * Fix WAIT to be effective after a blocked module command being unblocked (#12220)
    * Avoid unnecessary full sync after master restart in a rare case (#12088)



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0e254b4a-1f37-11ee-a475-080027f5fec9 advisory.

  - Redis core team reports:               A specially crafted Lua script executing in Redis can     trigger a heap overflow in the cjson and cmsgpack              libraries, and result in heap corruption     and potentially              remote code execution.            (CVE-2022-24834)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
232193	RHEL 9 : redis (RHSA-2025:0693)	Nessus	Red Hat Local Security Checks	high
232185	RHEL 8 : redis:6 (RHSA-2025:0595)	Nessus	Red Hat Local Security Checks	high
216290	RockyLinux 8 : redis:6 (RLSA-2025:0595)	Nessus	Rocky Linux Local Security Checks	high
214773	Oracle Linux 9 : redis (ELSA-2025-0693)	Nessus	Oracle Linux Local Security Checks	high
214768	AlmaLinux 9 : redis (ALSA-2025:0693)	Nessus	Alma Linux Local Security Checks	high
214578	Oracle Linux 8 : redis:6 (ELSA-2025-0595)	Nessus	Oracle Linux Local Security Checks	high
214525	AlmaLinux 8 : redis:6 (ALSA-2025:0595)	Nessus	Alma Linux Local Security Checks	high
206888	Debian dla-3885 : redis - security update	Nessus	Debian Local Security Checks	high
205117	GLSA-202408-05 : Redis: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
204424	Photon OS 4.0: Redis PHSA-2023-4.0-0427	Nessus	PhotonOS Local Security Checks	high
203583	Photon OS 5.0: Redis PHSA-2023-5.0-0049	Nessus	PhotonOS Local Security Checks	high
189755	Debian dsa-5610 : redis - security update	Nessus	Debian Local Security Checks	high
186586	Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Redis vulnerabilities (USN-6531-1)	Nessus	Ubuntu Local Security Checks	high
181950	Amazon Linux 2 : redis (ALASREDIS6-2023-002)	Nessus	Amazon Linux Local Security Checks	high
180150	SUSE SLES15 Security Update : redis (SUSE-SU-2023:3407-1)	Nessus	SuSE Local Security Checks	high
179785	Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2023-291)	Nessus	Amazon Linux Local Security Checks	high
178690	SUSE SLES15 / openSUSE 15 Security Update : redis7 (SUSE-SU-2023:2925-1)	Nessus	SuSE Local Security Checks	high
178689	SUSE SLES15 / openSUSE 15 Security Update : redis (SUSE-SU-2023:2924-1)	Nessus	SuSE Local Security Checks	high
178463	Fedora 38 : redis (2023-c406ba1ff6)	Nessus	Fedora Local Security Checks	high
178461	Fedora 37 : redis (2023-800612d23a)	Nessus	Fedora Local Security Checks	high
178110	FreeBSD : redis -- Heap overflow in the cjson and cmsgpack libraries (0e254b4a-1f37-11ee-a475-080027f5fec9)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2022-24834

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high