Lucene search

229 matches found

RedHat Linux
added 2025/01/27 1:43 a.m. | 3 views

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.80733
Exploits: 2 | References: 8

RedHat Linux
added 2025/01/27 1:43 a.m. | 2 views

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.80733
Exploits: 2 | References: 8

RedHat Linux
added 2025/01/27 1:43 a.m. | 1 views

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

CVSS 9.8 | AI score 7.7 | EPSS 0.80733
Exploits: 2 | References: 8

RedHat Linux
added 2025/01/27 1:43 a.m. | 1 views

redis: heap overflow in the lua cjson and cmsgpack libraries

A heap-based buffer overflow flaw was found in Redis. This flaw allows a local authenticated user or attacker to execute a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and potential remote co...

CVSS 8.8 | AI score 7.8 | EPSS 0.45527
Exploits: 1 | References: 6

Tenable Nessus
added 2025/01/24 12:00 a.m. | 8 views

CBL Mariner 2.0 Security Update: redis / valkey (CVE-2024-46981)

The version of redis / valkey installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46981 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated user may use a...

CVSS 9.8 | AI score 7.3 | EPSS 0.80733
Exploits: 2 | References: 2

Tenable Nessus
added 2025/01/24 12:00 a.m. | 17 views

Amazon Linux 2 : redis (ALASREDIS6-2025-011)

The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-011 advisory. Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script...

CVSS 9.8 | AI score 7.3 | EPSS 0.80733
Exploits: 2 | References: 4

OSV
added 2025/01/17 2:39 p.m. | 10 views

SUSE-SU-2025:0162-1 Security update for redis

This update for redis fixes the following issues: - CVE-2024-46981: Fixed a bug where Lua scripts can be used to manipulate the garbage collector, leading to remote code execution. bsc1235387...

CVSS 9.8 | AI score 7.4 | EPSS 0.80733
Exploits: 2 | References: 3

SUSE Linux
added 2025/01/17 2:38 p.m. | 1 views

Security update for redis7

This update for redis7 fixes the following issues: - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed. bsc1235386 - CVE-2024-46981: Fixed a bug where Lua scripts can be used to manipulate the garbage collector, leading to remote code execution...

CVSS 8.8 | AI score 7 | EPSS 0.80733
Exploits: 2 | References: 8

SUSE CVE
added 2025/01/08 12:23 a.m. | 2 views

SUSE CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 8.8 | AI score 7.9 | EPSS 0.80733
Exploits: 2 | References: 12

RedhatCVE
added 2025/01/07 5:18 a.m. | 11 views

CVE-2024-46981

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. Mitigation: A workaround to mitigate the problem without patching the redis-server executable is to...

CVSS 7 | AI score 6.8 | EPSS 0.80733
Exploits: 2 | References: 7

OSV
added 2025/01/06 10:15 p.m. | 4 views

AZL-54969 CVE-2024-46981 affecting package redis for versions less than 6.2.17-1

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 9.8 | AI score 7 | EPSS 0.80733
Exploits: 2 | References: 1

Debian CVE
added 2025/01/06 9:11 p.m. | 3 views

CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 9.8 | AI score 7.1 | EPSS 0.80733
Exploits: 2

OSV
added 2025/01/06 9:11 p.m. | 20 views

CVE-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVSS 7 | AI score 5.3 | EPSS 0.80733
Exploits: 2 | References: 9

Mageia
added 2024/10/27 2:37 a.m. | 44 views

Updated redis packages fix security vulnerabilities

An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. CVE-2024-31227 Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported...

CVSS 8.8 | AI score 8.2 | EPSS 0.56313
Exploits: 1 | References: 2

CVE
added 2024/10/07 7:51 p.m. | 481 views

CVE-2024-31449

CVE-2024-31449 affects Redis with Lua scripting. An authenticated user can trigger a stack overflow in the Lua bit library via a crafted script, potentially enabling remote code execution. The issue affects all Redis versions that support Lua scripting and is fixed in Redis 6.2.16, 7.2.6, and 7.4...

CVSS 8.8 | AI score 7 | EPSS 0.56313
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2024/10/07 12:00 a.m. | 1 views

Redis security vulnerability

Redis is an open source, network-enabled, memory-based key-value storage database with persistent logging, written in ANSI C by Redis, Inc., that provides APIs in multiple languages. A security vulnerability exists in Redis. The vulnerability can be exploited by an attacker to remotely execute code...

CVSS 8.8 | AI score 6 | EPSS 0.56313
Exploits: 1 | References: 5

OSV
added 2024/08/22 7:44 p.m. | 18 views

BIT-VALKEY-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

CVSS 7.8 | AI score 6.5 | EPSS 0.0168
Exploits: 1 | References: 11

OSV
added 2024/08/22 7:44 p.m. | 21 views

BIT-VALKEY-2022-24834 Heap overflow issue with the Lua cjson library used by Redis

Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support,...

CVSS 8.8 | AI score 8.1 | EPSS 0.45527
Exploits: 1 | References: 5

OSV
added 2024/08/22 7:27 p.m. | 19 views

BIT-KEYDB-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

CVSS 7.8 | AI score 6.5 | EPSS 0.0168
Exploits: 1 | References: 11

Redos
added 2024/07/26 12:00 a.m. | 18 views

ROS-20240726-03

A vulnerability in the cjson and cmsgpack libraries of the Redis database management system (DBMS) is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua...

CVSS 8.8 | AI score 7.3 | EPSS 0.45527
Exploits: 1