RLSA-2025:20926

Описание

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

• redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)

• Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)

• Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)

• Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.