Important: redis

Issue Overview: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional...

Amazon Linux 2023 : redis6, redis6-devel (ALAS2023-2025-818)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-818 advisory. Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code...

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

Security update for redis

This update for redis fixes the following issues: CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed. bsc1235386 CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution...

Security update for redis

This update for redis fixes the following issues: CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution. bsc1235387 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

SUSE-SU-2025:0161-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed. bsc1235386 - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution...

SUSE-SU-2025:0160-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed. bsc1235386 - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution...

SUSE-SU-2025:0081-1 Security update for redis

This update for redis fixes the following issues: - CVE-2024-31228: Prevent unbounded recursive pattern matching. bsc1231265 - CVE-2024-31449: Fixed an integer overflow bug in Lua bittohex. bsc1231264 - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector,...

BIT-VALKEY-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

BIT-REDIS-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

BIT-KEYDB-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

ALPINE-CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

DEBIAN-CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer...

PT-2025-1017

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.4.2, versions prior to 7.2.7, and versions prior to 6.2.17. Redis versions 5:6.0.16-1+deb11u5 and 5:7.0.15-1deb12u3. Redis versions 6.2.17-alt1. Description: Redis, an in-memory data store, is affected by a...

BIT-APACHE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

A carefully crafted request body can cause a buffer overflow in the modlua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...