Description
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution.
Statement
The problem exists in all versions of Redis with Lua scripting. This vulnerability in Redis is classified as high severity rather than moderate due to its potential impact and exploitation scope. By manipulating the Lua garbage collector through crafted scripts, an authenticated attacker can achieve remote code execution (RCE), allowing them to execute arbitrary commands on the host system. This compromises not only the integrity and confidentiality of the data stored in Redis but also the underlying server itself. Furthermore, the exploitation does not require direct access to the server binary, making it feasible for attackers to execute through legitimate, albeit malicious, commands.
Mitigation
A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
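The ACL workaround above, written out as an added configuration example (it is not part of the advisory and not Red Hat's or the Redis project's own file). It assumes an ACL file loaded via the `aclfile` directive in redis.conf, two constructed accounts named `admin` and `app`, and placeholder passwords that must be replaced. Rather than denying only EVAL and EVALSHA, it denies the whole `@scripting` command category, which on Redis 7.x also covers the other script entry points (EVAL_RO, EVALSHA_RO, FCALL, FCALL_RO, SCRIPT and FUNCTION) that a bare EVAL/EVALSHA deny list would leave reachable.

```conf
# users.acl  (constructed example; not from the advisory)
#
# Enable in redis.conf with:   aclfile /etc/redis/users.acl
# Apply without a restart:     redis-cli ACL LOAD
#
# Runtime equivalent for an existing account (persist with "ACL SAVE"):
#   ACL SETUSER app -@scripting

# Operator account: full data and admin access, but Lua execution stays
# denied for every account until the patched redis-server is deployed.
user admin on >ADMIN_PASSWORD_PLACEHOLDER ~* &* +@all -@scripting

# Application account: read/write on all keys and channels, no scripting.
# "-@scripting" is evaluated after "+@all", so it removes EVAL, EVALSHA,
# EVAL_RO, EVALSHA_RO, FCALL, FCALL_RO, SCRIPT and FUNCTION from this user.
user app on >APP_PASSWORD_PLACEHOLDER ~* &* +@all -@scripting

# The implicit "default" user is disabled so that unauthenticated clients
# (and any client relying on the legacy no-password default) get nothing.
user default off
```

To confirm the rule took effect, run `ACL LIST` as `admin` and check that both entries show `-@scripting`, then attempt `EVAL "return 1" 0` as `app`: the server should reject it with a NOPERM error. Each rejected attempt is also recorded by `ACL LOG`, which gives operators a simple detection point for clients still trying to run scripts after the restriction is in place.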
Affected packages

| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9 | Affected | | |
| Red Hat Ansible Automation Platform 1.2 | ansible-tower | Not affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-amd-rhel9 | Will not fix | | |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/bootc-azure-amd-rhel9 | Will not fix | | |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/instructlab-amd-rhel9 | Will not fix | | |
| Red Hat Fuse 7 | io.hawt-hawtio-integration | Not affected | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Affected | | |
| Discovery 1 for RHEL 9 | discovery/discovery-server-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
| Discovery 1 for RHEL 9 | discovery/discovery-ui-rhel9 | Fixed | RHSA-2025:1249 | 10.02.2025 |
| Red Hat Enterprise Linux 8 | redis | Fixed | RHSA-2025:0595 | 22.01.2025 |
Additional information
CVSS3: 7 High