
3321 matches found

EUVD
added 2025/10/16 9:23 p.m. | 4 views

EUVD-2025-34836

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

CVSS 6.5 | AI score 6.3 | EPSS 0.00383
Exploits 0 | References 1

Vulnrichment
added 2025/10/16 9:23 p.m. | 2 views

CVE-2025-62504 Envoy Lua filter use-after-free when oversized rewritten response body causes crash

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

CVSS 6.5 | AI score 6.4 | EPSS 0.00383
Exploits 0 | References 1

OSV
added 2025/10/16 9:23 p.m. | 2 views

CVE-2025-62504 Envoy Lua filter use-after-free when oversized rewritten response body causes crash

Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured...

CVSS 6.5 | AI score 6.8 | EPSS 0.00383
Exploits 0 | References 3

OSV
added 2025/10/16 9:19 a.m. | 4 views

BIT-VALKEY-2025-49844 Redis Lua Use-After-Free may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

CVSS 9.9 | AI score 7.8 | EPSS 0.86268
Exploits 14 | References 6

OSV
added 2025/10/16 9:18 a.m. | 5 views

BIT-REDIS-2025-49844 Redis Lua Use-After-Free may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

CVSS 9.9 | AI score 7.7 | EPSS 0.86268
Exploits 14 | References 6

OSV
added 2025/10/16 9:12 a.m. | 3 views

BIT-KEYDB-2025-49844 Redis Lua Use-After-Free may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all...

CVSS 9.9 | AI score 7.7 | EPSS 0.86268
Exploits 14 | References 6

Ubuntu
added 2025/10/16 6:11 a.m. | 13 views

USN-7824-3: Redis vulnerability

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Ubuntu 22.04 LTS. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could us...

CVSS 9.9 | AI score 8.9 | EPSS 0.86268
Exploits 14

OSV
added 2025/10/16 6:11 a.m. | 3 views

USN-7824-3 redis vulnerability

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Ubuntu 22.04 LTS. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could us...

CVSS 9.9 | AI score 7.7 | EPSS 0.86268
Exploits 14 | References 2

OSV
added 2025/10/16 5:33 a.m. | 2 views

USN-7824-2 redict vulnerability

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Redict - a fork of Redis. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker...

CVSS 9.9 | AI score 7.7 | EPSS 0.86268
Exploits 14 | References 2

Ubuntu
added 2025/10/16 5:33 a.m. | 7 views

USN-7824-2: Redict vulnerability

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Redict - a fork of Redis. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker...

CVSS 9.9 | AI score 8.9 | EPSS 0.86268
Exploits 14

CNNVD
added 2025/10/16 12:0 a.m. | 4 views

Envoy resource management error vulnerability

Envoy is an Enphase open source gateway program for connecting smart home devices. A resource management error vulnerability exists in Envoy versions prior to 1.36.2, prior to 1.35.6, prior to 1.34.10, and prior to 1.33.12, which stems from the presence of post-release reuse of Lua filters, which...

CVSS 7.5 | AI score 6.4 | EPSS 0.00383
Exploits 0 | References 1

Tenable Nessus
added 2025/10/16 12:0 a.m. | 4 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 25.04 / 25.10 : Redis vulnerability (USN-7824-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7824-1 advisory. Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when...

CVSS 9.9 | AI score 9 | EPSS 0.86268
Exploits 14 | References 2

OSV
added 2025/10/15 3:33 p.m. | 2 views

USN-7824-1 redis vulnerability

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server...

CVSS 9.9 | AI score 7.7 | EPSS 0.86268
Exploits 14 | References 2

Ubuntu
added 2025/10/15 3:33 p.m. | 7 views

USN-7824-1: Redis vulnerability

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server...

CVSS 9.9 | AI score 8.9 | EPSS 0.86268
Exploits 14

OSV
added 2025/10/15 2:15 a.m. | 3 views

CVE-2018-25117

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

CVSS 9.3 | AI score 7.1
Exploits 0 | References 8

EUVD
added 2025/10/15 1:23 a.m. | 5 views

EUVD-2018-21604

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

CVSS 9.3 | AI score 6.5 | EPSS 0.00402
Exploits 0 | References 9

CVE
added 2025/10/15 1:23 a.m. | 7 views

CVE-2018-25117

CVE-2018-25117 concerns VestaCP Debian Installer maldocs. From 2018-05-31 to 2018-06-13, the installer was tainted with embedded malicious code causing a supply-chain compromise. New installations from compromised installers since May 2018 installed Linux/ChachaDDoS, a multi-stage DDoS bot that u...

CVSS 9.3 | AI score 6.7 | EPSS 0.00402
Exploits 0 | References 8

Tenable Nessus
added 2025/10/15 12:0 a.m. | 11 views

Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-015 (ALASREDIS6-2025-015)

The version of redis installed on the remote host is prior to 6.2.20-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2REDIS6-2025-015 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated use...

CVSS 9.9 | AI score 8.7 | EPSS 0.86268
Exploits 15 | References 10

Positive Technologies
added 2025/10/15 12:0 a.m. | 3 views

PT-2025-42217

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

CVSS 9.3 | AI score 7 | EPSS 0.00402
Exploits 0 | References 9

Tenable Nessus
added 2025/10/15 12:0 a.m. | 5 views

Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2025-1221)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1221 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and...

CVSS 9.9 | AI score 8.7 | EPSS 0.86268
Exploits 15 | References 10