Heap overflow issue (CVE-2022-24834)

Redis patched their vendored version of lua-cjson in Jul 2023 to fix a heap overflow issue and CVE-2022-24834 was assigned. It seems that those changes were never upstreamed.

We may want to merge the [changes](https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6#diff-dd930db7f554182383e7581313c58c5a4fe4ee88dbd9b448f056f070bbb62336), like what OpenResty's fork did in https://github.com/openresty/lua-cjson/pull/94.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Heap overflow issue (CVE-2022-24834) #92

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Heap overflow issue (CVE-2022-24834) #92

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions