Описание
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
An integer overflow present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script (for example via EVAL/EVALSHA) that can trigger memory corruption and potentially lead to remote code execution within the Redis server process.
Отчет
This is classified as Moderate because exploitation requires an authenticated client with permission to execute Lua scripts (for example via EVAL/EVALSHA) rather than an unauthenticated network attacker, narrowing the exposure to already trusted principals or compromised application identities. The flaw is an integer overflow in Lua script handling that can corrupt memory, but reliable code execution is non-trivial and there are no public proofs of concept or known in-the-wild exploits as of the initial advisories, which lowers immediate operational risk despite the theoretical impact. Practically, triggering a controlled overflow through the embedded Lua runtime adds exploit complexity, as the attacker must shape arithmetic and memory behavior inside Redis’s scripting environment to gain control flow, increasing the likelihood of crashes over deterministic RCE in typical configurations. Even in a worst case, the effect is within the Redis server process context rather than a guaranteed system-wide compromise, further reducing systemic blast radius if the service is not over-privileged. This flaw exists only in the Redis server implementation; Redis client libraries (Python, Node.js, Rust, etc.) are not affected by this vulnerability, and it only exists in the Redis server’s embedded Lua engine where scripts execute. Client libraries merely transmit EVAL/EVALSHA to the server.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, restricting network access to trusted hosts, enforcing strong authentication and protected-mode, disabling or limiting Lua scripting where possible can be be benificial and apply least-privilege ACLs to reduce who can run scripting commands, keep instances non-public with firewalls/VPCs, and follow Redis hardening guidance to minimize exposure.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/fluentd-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/log-file-metric-exporter-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/vector-rhel9 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Lua library commands may lead to integer overflow and potential RCE
Redis is an open source, in-memory database that persists on disk. Ver ...
Уязвимость системы управления базами данных (СУБД) Redis, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3