cve-2024-46981
Vulnerability from cvelistv5
Published
2025-01-06 21:11
Modified
2025-03-19 20:14
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
References
security-advisories@github.comhttps://github.com/redis/redis/releases/tag/6.2.17
security-advisories@github.comhttps://github.com/redis/redis/releases/tag/7.2.7
security-advisories@github.comhttps://github.com/redis/redis/releases/tag/7.4.2
security-advisories@github.comhttps://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html
af854a3a-2127-422b-91ae-364da2661108https://www.vicarius.io/vsociety/posts/cve-2024-46981-detect-redis-vulnerability
af854a3a-2127-422b-91ae-364da2661108https://www.vicarius.io/vsociety/posts/cve-2024-46981-mitigate-redis-vulnerability
Impacted products
Vendor Product Version
redis redis Version: >= 7.4.0, < 7.4.2
Version: >= 7.2.0, < 7.2.7
Version: < 6.2.17
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-46981",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-06T21:41:47.467485Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-06T21:42:29.135Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2025-03-19T20:14:35.152Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html",
               },
               {
                  url: "https://www.vicarius.io/vsociety/posts/cve-2024-46981-detect-redis-vulnerability",
               },
               {
                  url: "https://www.vicarius.io/vsociety/posts/cve-2024-46981-mitigate-redis-vulnerability",
               },
            ],
            title: "CVE Program Container",
            x_generator: {
               engine: "ADPogram 0.0.1",
            },
         },
      ],
      cna: {
         affected: [
            {
               product: "redis",
               vendor: "redis",
               versions: [
                  {
                     status: "affected",
                     version: ">= 7.4.0, < 7.4.2",
                  },
                  {
                     status: "affected",
                     version: ">= 7.2.0, < 7.2.7",
                  },
                  {
                     status: "affected",
                     version: "< 6.2.17",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 7,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-416",
                     description: "CWE-416: Use After Free",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-06T21:11:51.687Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c",
            },
            {
               name: "https://github.com/redis/redis/releases/tag/6.2.17",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/redis/redis/releases/tag/6.2.17",
            },
            {
               name: "https://github.com/redis/redis/releases/tag/7.2.7",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/redis/redis/releases/tag/7.2.7",
            },
            {
               name: "https://github.com/redis/redis/releases/tag/7.4.2",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/redis/redis/releases/tag/7.4.2",
            },
         ],
         source: {
            advisory: "GHSA-39h2-x6c4-6w4c",
            discovery: "UNKNOWN",
         },
         title: "Redis' Lua library commands may lead to remote code execution",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2024-46981",
      datePublished: "2025-01-06T21:11:51.687Z",
      dateReserved: "2024-09-16T16:10:09.018Z",
      dateUpdated: "2025-03-19T20:14:35.152Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         descriptions: "[{\"lang\": \"en\", \"value\": \"Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.\"}, {\"lang\": \"es\", \"value\": \"Redis es una base de datos en memoria de c\\u00f3digo abierto que persiste en el disco. Un usuario autenticado puede usar un script Lua especialmente manipulado para manipular el recolector de elementos no utilizados y potencialmente provocar la ejecuci\\u00f3n remota de c\\u00f3digo. El problema se solucion\\u00f3 en 7.4.2, 7.2.7 y 6.2.17. Un workaround adicional para mitigar el problema sin aplicar un parche al ejecutable redis-server es evitar que los usuarios ejecuten scripts Lua. Esto se puede hacer usando ACL para restringir los comandos EVAL y EVALSHA.\"}]",
         id: "CVE-2024-46981",
         lastModified: "2025-01-06T22:15:09.360",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}]}",
         published: "2025-01-06T22:15:09.360",
         references: "[{\"url\": \"https://github.com/redis/redis/releases/tag/6.2.17\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.2.7\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.4.2\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c\", \"source\": \"security-advisories@github.com\"}]",
         sourceIdentifier: "security-advisories@github.com",
         vulnStatus: "Awaiting Analysis",
         weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2024-46981\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-01-06T22:15:09.360\",\"lastModified\":\"2025-03-19T21:15:36.860\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.\"},{\"lang\":\"es\",\"value\":\"Redis es una base de datos en memoria de código abierto que persiste en el disco. Un usuario autenticado puede usar un script Lua especialmente manipulado para manipular el recolector de elementos no utilizados y potencialmente provocar la ejecución remota de código. El problema se solucionó en 7.4.2, 7.2.7 y 6.2.17. Un workaround adicional para mitigar el problema sin aplicar un parche al ejecutable redis-server es evitar que los usuarios ejecuten scripts Lua. Esto se puede hacer usando ACL para restringir los comandos EVAL y EVALSHA.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"references\":[{\"url\":\"https://github.com/redis/redis/releases/tag/6.2.17\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/redis/redis/releases/tag/7.2.7\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/redis/redis/releases/tag/7.4.2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2024-46981-detect-redis-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vicarius.io/vsociety/posts/cve-2024-46981-mitigate-redis-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2024-46981-detect-redis-vulnerability\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/cve-2024-46981-mitigate-redis-vulnerability\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-19T20:14:35.152Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-46981\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-06T21:41:47.467485Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-06T21:41:58.543Z\"}}], \"cna\": {\"title\": \"Redis' Lua library commands may lead to remote code execution\", \"source\": {\"advisory\": \"GHSA-39h2-x6c4-6w4c\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"redis\", \"product\": \"redis\", \"versions\": [{\"status\": \"affected\", \"version\": \">= 7.4.0, < 7.4.2\"}, {\"status\": \"affected\", \"version\": \">= 7.2.0, < 7.2.7\"}, {\"status\": \"affected\", \"version\": \"< 6.2.17\"}]}], \"references\": [{\"url\": \"https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c\", \"name\": \"https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/6.2.17\", \"name\": \"https://github.com/redis/redis/releases/tag/6.2.17\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.2.7\", \"name\": \"https://github.com/redis/redis/releases/tag/7.2.7\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/redis/redis/releases/tag/7.4.2\", \"name\": \"https://github.com/redis/redis/releases/tag/7.4.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416: Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-01-06T21:11:51.687Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-46981\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-19T20:14:35.152Z\", \"dateReserved\": \"2024-09-16T16:10:09.018Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-01-06T21:11:51.687Z\", \"assignerShortName\": \"GitHub_M\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.