Soon after the publication of CVE-2022-0543 Instaclustr started investigating its potential impacts on our Redis offering. We concurred with the University of California analysis, that Redis “… a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution”. Instaclustr investigated and tested our Redis configuration and confirmed that this does not affect any of our Redis offerings due to Instaclustr building Redis from source rather than using the affected packages.

If you have any further queries regarding this vulnerability and how it relates to Instaclustr services, please contact [email protected].

Mitigation:
Instaclustr for Redis clusters require no mitigation and are not affected.