Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PRP: Redis CVE-2022-0543 RCE #285

Open
shpei1963 opened this issue Mar 7, 2023 · 2 comments · May be fixed by #286
Open

PRP: Redis CVE-2022-0543 RCE #285

shpei1963 opened this issue Mar 7, 2023 · 2 comments · May be fixed by #286
Assignees
@shpei1963
Labels
Contributor main The main issue a contributor is working on (top of the contribution queue). PRP:Accepted PRP:Inactive

Comments

@shpei1963
Copy link

Hi, I'd like to write a detector for Redis CVE-2022-0543 RCE and the code is almost ready. The exploit is explained in https://github.com/vulhub/vulhub/tree/master/redis/CVE-2022-0543
@shpei1963 shpei1963 linked a pull request Mar 7, 2023 that will close this issue
Open
@maoning
Copy link
Collaborator

maoning commented Mar 7, 2023

Hi @shpei1963,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

As liblua could be in multiple versions and installed in different locations, could you create a static list (or dynamic one if you want like https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/detectors/exposedui/phpunit/src/main/java/com/google/tsunami/plugins/detectors/exposedui/phpunit/PHPUnitExposedEvalStdinDetectorConfigs.java#L20) in the plugin to keep track of lib version + location like /usr/lib/x86_64-linux-gnu/liblua5.1.so.0? You could just have a single value in the list for now, but have the business logic in place to have the detector load each lib from the list and look for RCE.

Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.

Thanks!

@shpei1963
Copy link
Author

Thank you! I've made the change based on your feedback!

@tooryx tooryx added PRP:Inactive Contributor main The main issue a contributor is working on (top of the contribution queue). labels Feb 1, 2024
@tooryx tooryx linked a pull request Feb 1, 2024 that will close this issue
Add CVE-2022-0543 Detector #286
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shpei1963 shpei1963

Labels
Contributor main The main issue a contributor is working on (top of the contribution queue). PRP:Accepted PRP:Inactive
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add CVE-2022-0543 Detector shpei1963/tsunami-security-scanner-plugins
3 participants
@tooryx @maoning @shpei1963