redis,valkey -- Lua library commands may lead to integer overflow and potential RCE

redis reports: An authenticated user may use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. An additional workaround to mitigate the problem without patching the redis-server...

PT-2025-40592

Name of the Vulnerable Software and Affected Versions Redis versions 8.2.1 and below Description Redis, an in-memory database, has an issue where an authenticated user can use a crafted Lua script to manipulate LUA objects and potentially execute code in another user's context. This affects all...

Linux Distros Unpatched Vulnerability : CVE-2022-24834

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and...

[SECURITY] Fedora 41 Update: valkey-8.0.4-1.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 42 Update: valkey-8.0.4-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

ALPINE-CVE-2024-25176

LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in ljstrfmtwfnum in ljstrfmtnum.c...

[SECURITY] Fedora 41 Update: valkey-8.0.3-3.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

ALSA-2025:7509 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 42 Update: valkey-8.0.3-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 41 Update: valkey-8.0.3-1.fc41

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 40 Update: redis-7.2.8-1.fc40

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

redis: Lua library commands may lead to stack overflow and RCE in Redis

A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

Important: redis6

Issue Overview: Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional...

PT-2025-40594

Name of the Vulnerable Software and Affected Versions Redis versions 5.7.0 through 5.8.0 Redict versions 7.3.2+ds-1ubuntu0.1 Valkey versions prior to 8.1.1+dfsg1-3+deb13u1 Description Redis and Redict are vulnerable to a Lua scripting interface issue that could allow an authenticated attacker to...

redis: Lua library commands may lead to stack overflow and RCE in Redis

A flaw was found in Redis. This flaw allows an authenticated user to use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may lead to remote code execution. The problem exists in all versions of Redis with Lua scripting...

[SECURITY] [DLA 4025-1] redis security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4025-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk January 20, 2025 https://wiki.debian.org/LTS -...

redis: Redis' Lua library commands may lead to remote code execution

A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution...

Debian dla-4025 : redis - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4025 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4025-1 [email protected] https://www.debian.org/lts/security/...

[SECURITY] Fedora 40 Update: redict-7.3.2-1.fc40

Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

[SECURITY] Fedora 40 Update: valkey-8.0.2-1.fc40

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...