
192 matches found

OSV
added 2025/01/17 2:38 p.m. | 11 views

SUSE-SU-2025:0161-1 Security update for redis7

This update for redis7 fixes the following issues:
- CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed (bsc#1235386).
- CVE-2024-46981: Fixed a bug where Lua scripts can be used to manipulate the garbage collector, leading to remote code execution...

9.8 CVSS | 6.5 AI score | 0.80733 EPSS
Exploits: 2 | References: 5

OSV
added 2025/01/17 2:38 p.m. | 8 views

SUSE-SU-2025:0160-1 Security update for redis7

This update for redis7 fixes the following issues:
- CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed (bsc#1235386).
- CVE-2024-46981: Fixed a bug where Lua scripts can be used to manipulate the garbage collector, leading to remote code execution...

9.8 CVSS | 6.5 AI score | 0.80733 EPSS
Exploits: 2 | References: 5

OSV
added 2025/01/13 4:49 p.m. | 14 views

SUSE-SU-2025:0081-1 Security update for redis

This update for redis fixes the following issues:
- CVE-2024-31228: Prevent unbounded recursive pattern matching (bsc#1231265).
- CVE-2024-31449: Fixed an integer overflow bug in Lua bittohex (bsc#1231264).
- CVE-2024-46981: Fixed a bug where Lua scripts can be used to manipulate the garbage collector,...

9.8 CVSS | 7 AI score | 0.80733 EPSS
Exploits: 3 | References: 7

OSV
added 2025/01/08 7:22 a.m. | 7 views

BIT-VALKEY-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 7.3 AI score | 0.80733 EPSS
Exploits: 2 | References: 11

OSV
added 2025/01/08 7:20 a.m. | 15 views

BIT-REDIS-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 7.3 AI score | 0.80733 EPSS
Exploits: 2 | References: 11

OSV
added 2025/01/08 7:13 a.m. | 29 views

BIT-KEYDB-2024-46981 Redis' Lua library commands may lead to remote code execution

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 7.3 AI score | 0.80733 EPSS
Exploits: 2 | References: 11

OSV
added 2025/01/06 10:15 p.m. | 2 views

ALPINE-CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 7.9 AI score | 0.80733 EPSS
Exploits: 2 | References: 1

NVD
added 2025/01/06 10:15 p.m. | 14 views

CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 0.80733 EPSS
Exploits: 2 | References: 7

OSV
added 2025/01/06 10:15 p.m. | 2 views

DEBIAN-CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 7.1 AI score | 0.80733 EPSS
Exploits: 2 | References: 1

AlpineLinux
added 2025/01/06 9:11 p.m. | 11 views

CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate...

9.8 CVSS | 7.3 AI score | 0.80733 EPSS
Exploits: 2

The Hacker News
added 2024/10/08 4:26 p.m. | 12 views

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

Users searching for game cheats are being tricked into downloading a Lua-based malware that is capable of establishing persistence on infected systems and delivering additional payloads. "These attacks capitalize on the popularity of Lua gaming engine supplements within the student gamer...

7.1 AI score
Exploits: 0

Positive Technologies
added 2024/07/18 12:0 a.m. | 2 views

PT-2025-1017

Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.4.2, versions prior to 7.2.7, and versions prior to 6.2.17. Redis versions 5:6.0.16-1+deb11u5 and 5:7.0.15-1deb12u3. Redis versions 6.2.17-alt1. Description: Redis, an in-memory data store, is affected by a...

9.8 CVSS | 8 AI score | 0.88997 EPSS
Exploits: 13 | References: 240

OSV
added 2024/03/06 10:54 a.m. | 178 views

BIT-APACHE-2021-44790 Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser r:parsebody called from Lua scripts. The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier...

9.8 CVSS | 9.3 AI score | 0.86227 EPSS
Exploits: 4 | References: 21

OSV
added 2024/03/06 10:52 a.m. | 170 views

BIT-APACHE-2022-28615 Read beyond bounds in ap_strcmp_match()

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or Lua scripts that use...

9.1 CVSS | 8.9 AI score | 0.00959 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2023/10/16 12:0 a.m. | 43 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Redis vulnerabilities (USN-5221-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5221-1 advisory. It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this...

8.8 CVSS | 6.9 AI score | 0.02855 EPSS
Exploits: 0 | References: 10

Amazon
added 2023/09/25 12:0 a.m. | 1 views

Low: redis

Issue Overview: A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. CVE-2022-24735 A flaw was found in the Red...

7.8 CVSS | 7 AI score | 0.01725 EPSS
Exploits: 2

Amazon
added 2023/09/25 12:0 a.m. | 4 views

Important: redis

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

8.8 CVSS | 8.2 AI score | 0.45527 EPSS
Exploits: 1

Amazon
added 2023/08/09 12:0 a.m. | 3 views

Important: redis6

Issue Overview: A heap-based buffer overflow flaw was found in Redis. This flaw allows an attacker to trick an authenticated user into executing a specially crafted Lua script in Redis. This attack triggers a heap overflow in the cjson and cmsgpack libraries, resulting in heap corruption and...

8.8 CVSS | 7.3 AI score | 0.45527 EPSS
Exploits: 1

CNVD
added 2023/03/29 12:0 a.m. | 13 views

Unspecified Vulnerability in Delta Electronics InfraSuite Device Master

Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A security vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited by an attacker to remotely execute...

8.8 CVSS | 8.6 AI score | 0.00602 EPSS
Exploits: 0 | References: 1

NVD
added 2023/03/27 3:15 p.m. | 6 views

CVE-2023-1143

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code...

8.8 CVSS | 8.9 AI score | 0.00602 EPSS
Exploits: 0 | References: 1