Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Alibaba Cloud Linux 3 : 0165: redis:6 (ALINUX3-SA-2025:0165)

🗓️ 17 Nov 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 4 Views

Alibaba Cloud Linux 3 Redis update fixes Lua scripting vulnerabilities.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD		redis,valkey -- Running Lua function as a different user
3 Oct 202500:00
freebsd
FreeBSD		redis,valkey -- Out of bound read due to a bug in LUA
3 Oct 202500:00
freebsd
FreeBSD		redis,valkey -- Lua Use-After-Free may lead to remote code execution
3 Oct 202500:00
freebsd
FreeBSD		redis,valkey -- Lua library commands may lead to integer overflow and potential RCE
3 Oct 202500:00
freebsd
GithubExploit		Exploit for Use After Free in Redis
7 Oct 202506:18
githubexploit
GithubExploit		Exploit for Use After Free in Redis
14 Oct 202504:20
githubexploit
GithubExploit		Exploit for Use After Free in Redis
9 Mar 202622:43
githubexploit
GithubExploit		Exploit for Use After Free in Redis
6 Apr 202608:03
githubexploit
GithubExploit		Exploit for Use After Free in Redis
31 Oct 202505:59
githubexploit
GithubExploit		Exploit for Use After Free in Redis
7 Oct 202510:12
githubexploit
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2025:0165.
##

include('compat.inc');

if (description)
{
  script_id(275566);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/17");

  script_cve_id(
    "CVE-2025-46817",
    "CVE-2025-46818",
    "CVE-2025-46819",
    "CVE-2025-49844"
  );

  script_name(english:"Alibaba Cloud Linux 3 : 0165: redis:6 (ALINUX3-SA-2025:0165)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2025:0165 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2025-46817:
    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead
    to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is
    fixed in version 8.2.2.

    CVE-2025-46818:
    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted Lua script to manipulate different LUA objects and
    potentially run their own code in the context of another user. The problem exists in all versions of Redis
    with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without
    patching the redis-server executable is to prevent users from executing LUA scripts. This can be done
    using ACL to block a script by restricting both the EVAL and FUNCTION command families.

    CVE-2025-46819:
    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and
    subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue
    is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to
    prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both
    the EVAL and FUNCTION command families.

    CVE-2025-49844:
    Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an
    authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a
    use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis
    with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the
    redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to
    restrict EVAL and EVALSHA commands.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20250165.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-49844");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/11/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/11/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:redis-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alibaba Cloud Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Alibaba Cloud Linux' >!< os_product) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_version);

if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'redis-6.2.20-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-6.2.20-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debuginfo-6.2.20-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debuginfo-6.2.20-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debugsource-6.2.20-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-debugsource-6.2.20-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-devel-6.2.20-1.0.1.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-devel-6.2.20-1.0.1.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'redis-doc-6.2.20-1.0.1.1.al8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redis / redis-debuginfo / redis-debugsource / redis-devel / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Nov 2025 00:00Current
8.8High risk
Vulners AI Score8.8
CVSS 3.19.9
EPSS0.86268
SSVC
Alibaba CloudLinux vulnerabilityRedis vulnerabilityLua scriptingRemote code executionInteger overflow
4