CVE-2025-46817

CVE-2025-46817

Name

CVE-2025-46817

Description

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
CONFIRM	https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp
MISC	https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca
MISC	https://github.com/redis/redis/releases/tag/8.2.2

Type

URI

CONFIRM

https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp

MISC

https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca

MISC

https://github.com/redis/redis/releases/tag/8.2.2

CPE URI	Source package	Min version	Max version
	redis	>= 0	< 8.2.2
`cpe:2.3:a:redis:redis::::::::`	redis	>= None	< 6.2.20

CPE URI

Source package

Min version

Max version

redis

>= 0

< 8.2.2

cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*

redis

>= None

< 6.2.20

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
valkey	edge-main	8.1.4-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.22-main	8.1.4-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.21-main	7.2.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
valkey	3.20-main	7.2.11-r0	Jakub Jirutka <jakub@jirutka.cz>	fixed
redis	edge-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.2-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.1-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.0-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.12-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.11-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.0-r0	None	possibly vulnerable
redis	edge-main	6.0.3-r0	None	possibly vulnerable
redis	edge-main	5.0.8-r0	None	possibly vulnerable
redis	edge-main	5.0.4-r0	None	possibly vulnerable
redis	edge-community	8.2.2-r0	Achill Gilgenast <achill@achill.org>	fixed
redis	edge-community	8.2.1-r0	Achill Gilgenast <achill@achill.org>	fixed
redis	edge-community	8.2.0-r1	Achill Gilgenast <achill@achill.org>	fixed
redis	edge-community	8.2.0-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.3-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.2-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.1-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	8.0.0-r0	fossdd <fossdd@pwned.life>	fixed
redis	edge-community	7.2.7-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.5-r2	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.5-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r0	None	possibly vulnerable
redis	edge-community	7.2.2-r0	None	possibly vulnerable
redis	edge-community	7.2.1-r0	None	possibly vulnerable
redis	edge-community	7.0.12-r0	None	possibly vulnerable
redis	edge-community	7.0.8-r0	None	possibly vulnerable
redis	edge-community	7.0.6-r0	None	possibly vulnerable
redis	edge-community	7.0.5-r0	None	possibly vulnerable
redis	edge-community	7.0.4-r0	None	possibly vulnerable
redis	edge-community	6.2.7-r0	None	possibly vulnerable
redis	edge-community	6.2.6-r0	None	possibly vulnerable
redis	edge-community	6.2.5-r0	None	possibly vulnerable
redis	edge-community	6.2.4-r0	None	possibly vulnerable
redis	edge-community	6.2.0-r0	None	possibly vulnerable
redis	edge-community	6.0.3-r0	None	possibly vulnerable
redis	edge-community	5.0.8-r0	None	possibly vulnerable
redis	edge-community	5.0.4-r0	None	possibly vulnerable
redis	3.22-community	8.0.4-r0	fossdd <fossdd@pwned.life>	fixed
redis	3.22-community	8.0.3-r0	fossdd <fossdd@pwned.life>	fixed
redis	3.22-community	8.0.2-r0	None	fixed
redis	3.22-community	8.0.0-r0	None	fixed
redis	3.22-community	7.2.9-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	3.22-community	7.2.7-r0	None	possibly vulnerable
redis	3.22-community	7.2.5-r1	None	possibly vulnerable
redis	3.22-community	7.2.4-r0	None	possibly vulnerable
redis	3.22-community	7.2.2-r0	None	possibly vulnerable
redis	3.22-community	7.2.1-r0	None	possibly vulnerable
redis	3.22-community	7.0.12-r0	None	possibly vulnerable
redis	3.22-community	7.0.8-r0	None	possibly vulnerable
redis	3.22-community	7.0.6-r0	None	possibly vulnerable
redis	3.22-community	7.0.5-r0	None	possibly vulnerable
redis	3.22-community	7.0.4-r0	None	possibly vulnerable
redis	3.22-community	6.2.7-r0	None	possibly vulnerable
redis	3.22-community	6.2.6-r0	None	possibly vulnerable
redis	3.22-community	6.2.5-r0	None	possibly vulnerable
redis	3.22-community	6.2.4-r0	None	possibly vulnerable
redis	3.22-community	6.2.0-r0	None	possibly vulnerable
redis	3.22-community	6.0.3-r0	None	possibly vulnerable
redis	3.22-community	5.0.8-r0	None	possibly vulnerable
redis	3.22-community	5.0.4-r0	None	possibly vulnerable
redis	3.19-main	7.2.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.2-r0	None	possibly vulnerable
redis	3.19-main	7.2.1-r0	None	possibly vulnerable
redis	3.19-main	7.0.12-r0	None	possibly vulnerable
redis	3.19-main	7.0.8-r0	None	possibly vulnerable
redis	3.19-main	7.0.6-r0	None	possibly vulnerable
redis	3.19-main	7.0.5-r0	None	possibly vulnerable
redis	3.19-main	7.0.4-r0	None	possibly vulnerable
redis	3.19-main	6.2.7-r0	None	possibly vulnerable
redis	3.19-main	6.2.6-r0	None	possibly vulnerable
redis	3.19-main	6.2.5-r0	None	possibly vulnerable
redis	3.19-main	6.2.4-r0	None	possibly vulnerable
redis	3.19-main	6.2.0-r0	None	possibly vulnerable
redis	3.19-main	6.0.3-r0	None	possibly vulnerable
redis	3.19-main	5.0.8-r0	None	possibly vulnerable
redis	3.19-main	5.0.4-r0	None	possibly vulnerable
redict	edge-community	7.3.6-r0	Achill Gilgenast <achill@achill.org>	fixed
redict	3.23-community	7.3.6-r0	Achill Gilgenast <achill@achill.org>	fixed
redict	3.22-community	7.3.6-r0	fossdd <fossdd@pwned.life>	fixed

Source package

Branch

Version

Maintainer

Status

valkey

edge-main

8.1.4-r0

Jakub Jirutka <jakub@jirutka.cz>

fixed

valkey

3.22-main