Back to KEVs

CVE-2022-0543

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which...

Basic Information

CVE State: PUBLISHED
Reserved Date: February 08, 2022
Published Date: February 18, 2022
Last Updated: January 29, 2025
Vendor: Debian
Product: redis
Description: It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

CVSS Scores

CVSS v3.1

10.0 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2022-03-28 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2022-09-01 16:44:56 UTC) Source

References

https://bugs.debian.org/1005787 https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce https://lists.debian.org/debian-security-announce/2022/msg00048.html https://www.debian.org/security/2022/dsa-5081 https://security.netapp.com/advisory/ntap-20220331-0004/ http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html

Known Exploited Vulnerability Information

Source	Added Date
CISA	2022-03-28 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/redis/redis_debian_sandbox_escape.rb	2025-04-29 11:01:18 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2022/CVE-2022-0543.yaml	2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

redis_debian_sandbox_escape

Type: metasploit • Created: Unknown

Metasploit module for CVE-2022-0543

JacobEbben/CVE-2022-0543

Type: github • Created: 2022-09-01 16:44:56 UTC • Stars: 8

Redis RCE through Lua Sandbox Escape vulnerability

z92g/CVE-2022-0543

Type: github • Created: 2022-07-06 04:35:59 UTC • Stars: 25

Redis 沙盒逃逸（CVE-2022-0543）POC&EXP

0x7eTeam/CVE-2022-0543

Type: github • Created: 2022-03-16 06:41:50 UTC • Stars: 88

CVE-2022-0543_RCE,Redis Lua沙盒绕过命令执行