redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

redis: Lua library commands may lead to integer overflow and potential RCE

An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script for example via EVAL/EVALSHA that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...

Security Bulletin: Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Endpoint and IBM Aspera Desktop Client.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Server v4.4.7, IBM Aspera High-Speed Transfer Endpoint v4.4.7 and IBM Aspera Desktop Client v4.4.7. Vulnerability Details CVEID:CVE-2025-46818 DESCRIPTION: Redis is an open source, in-memory database that persists o...

Amazon Linux 2023 : valkey, valkey-devel (ALAS2023-2025-1221)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1221 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and...

BIT-VALKEY-2025-46819 Redis is vulnerable to DoS via specially crafted LUA scripts

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

AZL-68355 CVE-2025-46819 affecting package compat-lua 5.1.5-17

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...

CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

CVE-2025-46817 Lua library commands may lead to integer overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting...