PatchSiren cyber security CVE debrief
CVE-2022-0543 Redis CVE debrief
CVE-2022-0543 is a Debian-specific Redis vulnerability described as a Lua sandbox escape and listed by CISA in the Known Exploited Vulnerabilities (KEV) catalog. Because it is officially marked as known exploited, affected Debian-packaged Redis deployments should be treated as a high-priority remediation item. CISA’s guidance for this entry is to apply updates per vendor instructions.
- Vendor: Redis
- Product: Debian-specific Redis Servers
- CVSS: Unknown
- CISA KEV: Listed
- Original CVE published: 2022-03-28
- Original CVE updated: 2022-03-28
- Advisory published: 2022-03-28
- Advisory updated: 2022-03-28
Who should care
Teams operating Redis deployments packaged for Debian, especially platform owners, SREs, infrastructure teams, and vulnerability management programs. Security teams should also prioritize any internet-facing or broadly accessible Redis instances.
Technical summary
The supplied official sources identify CVE-2022-0543 as a Debian-specific Redis Server Lua sandbox escape vulnerability. CISA has classified it as a known exploited vulnerability and directs defenders to apply updates per vendor instructions. The corpus does not provide deeper technical detail, so remediation should be based on the official vendor and distribution guidance referenced by the CVE and KEV entries.
Defensive priority
High priority. This CVE is listed in CISA’s KEV catalog and therefore should be remediated promptly, with special attention to any exposed Debian-specific Redis installations. The KEV entry lists a due date of 2022-04-18.
Recommended defensive actions
- Inventory Redis instances that come from Debian-specific packaging or are otherwise identified as the affected product line.
- Determine whether any affected Redis deployments are reachable from untrusted networks or used in sensitive environments.
- Apply vendor-provided updates or distribution fixes as soon as possible, following official instructions.
- Verify remediation by checking the installed Redis package/version against the vendor and distribution guidance.
- Track the CVE in vulnerability management workflows until all affected systems are confirmed patched.
- Use the CISA KEV entry and official CVE/NVD records as the authoritative references for prioritization and validation.
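The inventory, exposure and verification steps above can be scripted. This is an added example, not code from the advisory or from any vendor. Because the issue is specific to Debian packaging, it compares the full Debian package version string (epoch, upstream version, Debian revision), reimplementing the ordering used by `dpkg --compare-versions` so it runs offline. The inventory format, host names, addresses and the `FIXED` value are constructed placeholders; take the real fixed version from the Debian advisory for your release.

```python
import re

def _order(ch):
    """dpkg sort weight: '~' first, then end of string, letters, other symbols."""
    if ch in ("", "~"):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings in alternating non-digit/digit chunks."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(na), len(nb))):
            d = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if d:
                return d
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    """Negative if Debian version a is older than b, 0 if equal, positive if newer."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(inventory, fixed_version):
    """Classify 'host version bind' lines against the operator-supplied fixed version."""
    result = {}
    for host, version, bind in (l.split() for l in inventory.strip().splitlines()):
        if deb_cmp(version, fixed_version) >= 0:
            result[host] = "patched"
        else:
            result[host] = "unpatched" if bind in ("127.0.0.1", "::1") else "unpatched-exposed"
    return result

# Constructed sample data. FIXED is a placeholder: take the real value from the Debian advisory.
FIXED = "5:1.2.3-1+deb0u2"
INVENTORY = """cache-a 5:1.2.3-1+deb0u1 0.0.0.0
cache-b 5:1.2.3-1+deb0u2 0.0.0.0
cache-c 5:1.2.3-1~bpo0+1 127.0.0.1
cache-d 5:1.2.4-1 10.0.0.5"""
print(triage(INVENTORY, FIXED))
```

On a live host the version column can be collected with `dpkg-query -W -f='${Version}\n' redis-server`; hosts reported as `unpatched-exposed` are the ones to remediate first.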
Evidence notes
CVE and KEV timing are based on the supplied dates: published and modified on 2022-03-28, with the KEV date added 2022-03-28 and due date 2022-04-18. The official source corpus identifies the issue as a Debian-specific Redis Server Lua sandbox escape vulnerability and marks it as known exploited. No CVSS score was provided in the supplied data.
Official resources
- CVE-2022-0543 CVE record (CVE.org)
- CVE-2022-0543 NVD detail (NVD)
- CISA Known Exploited Vulnerabilities catalog (CISA): Apply updates per vendor instructions.
- Source item URL (cisa_kev)
CISA added CVE-2022-0543 to the Known Exploited Vulnerabilities catalog on 2022-03-28 and set a due date of 2022-04-18. Treat this as a known-exploited issue and follow vendor update guidance.