Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[CVE]A heap overflow in the lua-cjson library #93

Open
NagamineLee opened this issue Jul 18, 2023 · 1 comment
Open

[CVE]A heap overflow in the lua-cjson library #93

NagamineLee opened this issue Jul 18, 2023 · 1 comment

Comments

@NagamineLee
Copy link

CVE has revealed a a critical vulnerability about Redis,but details of the vulnerability are more related to cjson.
By reviewing the Redis source code, the cjson library used in Redis is also derived from the Lua CJSON official.
So, the problem may also happen in OpenResty.

A heap overflow in the lua-cjson library
Severity: high
CVE-2022-24834
@zhuizhuhaomeng
Copy link

Ported the code from redis: #94

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zhuizhuhaomeng @NagamineLee