Lucene search

3322 matches found

OSV
added 2025/10/08 6:35 p.m., 4 views

SUSE-SU-2025:03500-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818: Malicious Lua scripts can...

CVSS 9.9, AI score 8.2, EPSS 0.86268
Exploits: 15, References: 6

SUSE Linux
added 2025/10/08 6:35 p.m., 4 views

Security update for valkey

This update for valkey to version 8.0.6 fixes the following issues: CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 CVE-2025-46818: Malicious Lua...

CVSS 9.9, AI score 8.2, EPSS 0.86268
Exploits: 15, References: 10

OSV
added 2025/10/08 6:35 p.m., 1 views

SUSE-SU-2025:03499-1 Security update for valkey

This update for valkey to version 8.0.6 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818: Maliciou...

CVSS 9.9, AI score 8.2, EPSS 0.86268
Exploits: 15, References: 6

Debian
added 2025/10/08 6:19 p.m., 8 views

[SECURITY] [DSA 6020-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6020-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 08, 2025 https://www.debian.org/security/faq -...

CVSS 9.9, AI score 7.5, EPSS 0.86268
Exploits: 15

GithubExploit
added 2025/10/08 1:38 p.m., 478 views

Exploit for Use After Free in Redis

CVE-2025-49844 RediShell - Lab Environment A practical lab...

CVSS 9.9, AI score 7.6, EPSS 0.86268
Exploits: 14

NCSC
added 2025/10/08 11:43 a.m., 4 views

Vulnerabilities fixed in Redis

Redis has fixed vulnerabilities in versions 8.2.1 and below. The vulnerabilities are in Redis' Lua scripting engine, which can be exploited by authenticated users. This can lead to remote code execution, out-of-bounds data access or server crashes. The vulnerabilities could compromise the integri...

CVSS 9.9, AI score 7.5, EPSS 0.86268
Exploits: 15, References: 2

OSV
added 2025/10/08 8:52 a.m., 3 views

BIT-VALKEY-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

CVSS 7.1, AI score 6.3, EPSS 0.01038
Exploits: 0, References: 6

OSV
added 2025/10/08 8:52 a.m., 4 views

BIT-VALKEY-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

CVSS 7.3, AI score 6.7, EPSS 0.00711
Exploits: 0, References: 4

OSV
added 2025/10/08 8:52 a.m., 2 views

BIT-VALKEY-2025-46817 Lua library commands may lead to integer overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

CVSS 8.8, AI score 7.9, EPSS 0.03746
Exploits: 1, References: 4

OSV
added 2025/10/08 8:51 a.m., 5 views

BIT-REDIS-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

CVSS 7.1, AI score 6.3, EPSS 0.01038
Exploits: 0, References: 6

OSV
added 2025/10/08 8:51 a.m., 5 views

BIT-REDIS-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

CVSS 7.3, AI score 6.7, EPSS 0.00711
Exploits: 0, References: 4

OSV
added 2025/10/08 8:51 a.m., 5 views

BIT-REDIS-2025-46817 Lua library commands may lead to integer overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

CVSS 8.8, AI score 7.9, EPSS 0.03746
Exploits: 1, References: 4

OSV
added 2025/10/08 8:43 a.m., 5 views

BIT-KEYDB-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

CVSS 7.1, AI score 6.3, EPSS 0.01038
Exploits: 0, References: 6

OSV
added 2025/10/08 8:43 a.m., 2 views

BIT-KEYDB-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

CVSS 7.3, AI score 6.7, EPSS 0.00711
Exploits: 0, References: 4

OSV
added 2025/10/08 8:43 a.m., 3 views

BIT-KEYDB-2025-46817 Lua library commands may lead to integer overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

CVSS 8.8, AI score 7.9, EPSS 0.03746
Exploits: 1, References: 4

Microsoft CVE
added 2025/10/08 8:1 a.m., 3 views

Redis Lua Use-After-Free may lead to remote code execution

...

CVSS 9.9, AI score 7, EPSS 0.86268
Exploits: 14

Fedora
added 2025/10/08 1:17 a.m., 8 views

[SECURITY] Fedora 41 Update: civetweb-1.16-10.fc41

Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...

CVSS 8.7, AI score 6.9, EPSS 0.00711
Exploits: 0

Fedora
added 2025/10/08 1:3 a.m., 7 views

[SECURITY] Fedora 42 Update: civetweb-1.16-10.fc42

Civetweb is an easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb can be used by developers as a library, to add web server functionality to an existing application. It can also be used by end users as a stand-alone web server running on a Window...

CVSS 8.7, AI score 6.9, EPSS 0.00711
Exploits: 0

Tenable Nessus
added 2025/10/08 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-46818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...

CVSS 7.3, AI score 6.8, EPSS 0.00711
Exploits: 0, References: 3

Tenable Nessus
added 2025/10/08 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-46817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to...

CVSS 8.8, AI score 7.4, EPSS 0.03746
Exploits: 1, References: 2