Security update for valkey

This update for valkey to version 8.0.6 fixes the following security issues: CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 CVE-2025-46818:...

SUSE-SU-2025:03502-1 Security update for valkey

This update for valkey to version 8.0.6 fixes the following security issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818:...

Security update for redis7

This update for redis7 fixes the following issues: CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 CVE-2025-46818: Malicious Lua scripts can be...

SUSE-SU-2025:03501-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818: Malicious Lua scripts can...

Use After Free

Redis is vulnerable to a Use-after-free in. The vulnerability is due to improper memory handling in the Lua garbage collector due to crafted Lua scripts, and attackers can exploit this by executing malicious EVAL or EVALSHA commands...

Security update for redis7

This update for redis7 fixes the following issues: CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 CVE-2025-46818: Malicious Lua scripts can be...

SUSE-SU-2025:03500-1 Security update for redis7

This update for redis7 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818: Malicious Lua scripts can...

Security update for valkey

This update for valkey to version 8.0.6 fixes the following issues: CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 CVE-2025-46818: Malicious Lua...

SUSE-SU-2025:03499-1 Security update for valkey

This update for valkey to version 8.0.6 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. bsc1250995 - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. bsc1250995 - CVE-2025-46818: Maliciou...

[SECURITY] [DSA 6020-1] redis security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6020-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 08, 2025 https://www.debian.org/security/faq -...

Exploit for Use After Free in Redis

CVE-2025-49844 RediShell - Lab Environment A practical lab...

Vulnerabilities fixed in Redis

Redis has fixed vulnerabilities in versions 8.2.1 and below. The vulnerabilities are in Redis' Lua scripting engine, which can be exploited by authenticated users. This can lead to remote code execution, out-of-bounds data access or server crashes. The vulnerabilities could compromise the integri...

BIT-VALKEY-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

BIT-VALKEY-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

BIT-VALKEY-2025-46817 Lua library commands may lead to integer overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting...

BIT-REDIS-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

BIT-REDIS-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

BIT-REDIS-2025-46817 Lua library commands may lead to integer overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting...

BIT-KEYDB-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

BIT-KEYDB-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...