KEVIntel
CVSS 10.0 Critical

CVE-2022-0543

PUBLISHED


Exploited in the wild · Remote · Low complexity · No user interaction
Vendor: Debian
Product: redis
Published: Feb 18, 2022
EPSS

Description

It was discovered that redis, a persistent key-value database, is prone to a (Debian-specific) Lua sandbox escape due to a packaging issue, which could result in remote code execution.

redis cisa nuclei_scanner metasploit

CVSS scores

CVSS v3.1 10.0 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2.0 10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2022-03-28 00:00:00 UTC

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: CISA
Added: Mar 28, 2022

Potential proofs of concept

These PoCs are unverified and could contain malware. Use at your own risk.

redis_debian_sandbox_escape

metasploit · Created Unknown

Metasploit module for CVE-2022-0543

JacobEbben/CVE-2022-0543

github · Created 2022-09-01 16:44:56 UTC · 8 stars

Redis RCE through Lua Sandbox Escape vulnerability

z92g/CVE-2022-0543

github · Created 2022-07-06 04:35:59 UTC · 25 stars

Redis sandbox escape (CVE-2022-0543) POC & EXP

0x7eTeam/CVE-2022-0543

github · Created 2022-03-16 06:41:50 UTC · 88 stars

CVE-2022-0543_RCE, Redis Lua sandbox bypass, command execution

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nuclei

  • Detected by Metasploit