Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HRedis
APPRedis< 6.2.207.0 – 7.2.11 (bez)7.4.0 – 7.4.6 (bez)8.0.0 – 8.0.4 (bez)8.2.0 – 8.2.2 (bez)
Related vulnerabilities
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...
Redis/Valkey: RCE przez use-after-free w skryptach Lua
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow do...
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does ...
Redis is an open source, in-memory database that persists on disk. In versions 8.2.0 and above, a user can run...