3 matches found
CVE-2025-49844
CVE-2025-49844 affects Redis—an in‑memory data store—with Lua scripting. An authenticated user can abuse a specially crafted Lua script to trigger a use‑after‑free and potentially achieve remote code execution. Affected versions: Redis 8.2.1 and earlier; fix: 8.2.2. Workarounds include ACL‑based ...
CVE-2025-67733
Valkey is affected by a RESP protocol injection via Lua error_reply. Before versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user could inject information into the response stream through scripting commands, potentially corrupting or returning tampered data to other users on the same connect...
CVE-2026-21863
Valkey (distributed key-value DB) contains a bug in the clusterbus packet processing: before reading a clusterbus ping extension, the code may read outside the buffer if an invalid packet is sent to the clusterbus port. This can be exploited by a malicious actor with access to the clusterbus port...