Action not permitted
Modal body text goes here.
Modal Title
Modal Body
usn-7893-1
Vulnerability from osv_ubuntu
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-49844)
It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a integer overflow condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-46817)
It was discovered that Valkey incorrectly handled Lua objects. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2025-46818)
It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to read out-of-bounds memory, causing a denial of service or possibly obtaining sensitive information. (CVE-2025-46819)
It was discovered that Valkey incorrectly handled memory in some calculations. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-49112)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-46817",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-46818",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-46819",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-49112",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-49844",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-redis-compat",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-sentinel",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.5+dfsg1-2ubuntu4~24.04.1",
"7.2.7+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.2",
"7.2.8+dfsg1-0ubuntu0.24.04.3",
"7.2.10+dfsg1-0ubuntu0.1",
"7.2.11+dfsg1-0ubuntu0.1"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-46817",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-46818",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-46819",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-49112",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-49844",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:25.10"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-sentinel",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.2+dfsg1-1ubuntu1",
"8.1.1+dfsg1-2ubuntu1",
"8.1.3+dfsg1-0ubuntu1",
"8.1.3+dfsg1-0ubuntu2",
"8.1.4+dfsg1-0ubuntu0.1"
]
}
],
"aliases": [],
"details": "Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly\nhandled memory when running Lua scripts. An authenticated attacker could\nuse this vulnerability to trigger a use-after-free condition, and\npotentially achieve remote code execution on the Valkey server.\n(CVE-2025-49844)\n\nIt was discovered that Valkey incorrectly handled memory when running Lua\nscripts. An authenticated attacker could use this vulnerability to trigger\na integer overflow condition, and potentially achieve remote code execution\non the Valkey server. (CVE-2025-46817)\n\nIt was discovered that Valkey incorrectly handled Lua objects. An\nauthenticated attacker could possibly use this issue to escalate their\nprivileges. (CVE-2025-46818)\n\nIt was discovered that Valkey incorrectly handled memory when running Lua\nscripts. An authenticated attacker could use this vulnerability to read\nout-of-bounds memory, causing a denial of service or possibly obtaining\nsensitive information. (CVE-2025-46819)\n\nIt was discovered that Valkey incorrectly handled memory in some\ncalculations. An attacker could possibly use this issue to cause a denial\nof service. (CVE-2025-49112)",
"id": "USN-7893-1",
"modified": "2026-04-27T14:11:47Z",
"published": "2025-11-26T13:51:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7893-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-49112"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-49844"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "valkey vulnerabilities",
"upstream": [
"UBUNTU-CVE-2025-46817",
"UBUNTU-CVE-2025-46818",
"UBUNTU-CVE-2025-46819",
"UBUNTU-CVE-2025-49112",
"UBUNTU-CVE-2025-49844"
]
}
ubuntu-cve-2025-46817
Vulnerability from osv_ubuntu
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-redis-compat",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-sentinel",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.5+dfsg1-2ubuntu4~24.04.1",
"7.2.7+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.2",
"7.2.8+dfsg1-0ubuntu0.24.04.3",
"7.2.10+dfsg1-0ubuntu0.1",
"7.2.11+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.5+ds-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.2+ds-1",
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.5+ds-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-sentinel",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.2+dfsg1-1ubuntu1",
"8.1.1+dfsg1-2ubuntu1",
"8.1.3+dfsg1-0ubuntu1",
"8.1.3+dfsg1-0ubuntu2",
"8.1.4+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.6+ds-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.6+ds-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.6+ds-1"
]
}
],
"aliases": [],
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.",
"id": "UBUNTU-CVE-2025-46817",
"modified": "2026-05-20T15:22:52Z",
"published": "2025-10-03T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46817"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca"
},
{
"type": "REPORT",
"url": "https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7893-1"
}
],
"related": [
"USN-7893-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-46817"
]
}
ubuntu-cve-2025-46818
Vulnerability from osv_ubuntu
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis-server",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:2.6.13-1",
"2:2.6.16-3",
"2:2.8.0-1",
"2:2.8.2-1",
"2:2.8.4-2",
"2:2.8.4-2ubuntu0.2",
"2:2.8.4-2ubuntu0.2+esm1",
"2:2.8.4-2ubuntu0.2+esm2",
"2:2.8.4-2ubuntu0.2+esm3",
"2:2.8.4-2ubuntu0.2+esm4",
"2:2.8.4-2ubuntu0.2+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis-sentinel",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
},
{
"binary_name": "redis-server",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm5?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.0.3-3",
"2:3.0.5-1",
"2:3.0.5-2",
"2:3.0.5-3",
"2:3.0.5-4",
"2:3.0.6-1",
"2:3.0.6-1ubuntu0.2",
"2:3.0.6-1ubuntu0.3",
"2:3.0.6-1ubuntu0.4",
"2:3.0.6-1ubuntu0.4+esm1",
"2:3.0.6-1ubuntu0.4+esm2",
"2:3.0.6-1ubuntu0.4+esm3",
"2:3.0.6-1ubuntu0.4+esm4",
"2:3.0.6-1ubuntu0.4+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-server",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-tools",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm7?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4:4.0.1-7",
"4:4.0.2-6",
"4:4.0.2-9",
"5:4.0.5-1",
"5:4.0.6-1",
"5:4.0.6-2",
"5:4.0.7-1",
"5:4.0.8-1",
"5:4.0.8-2",
"5:4.0.9-1",
"5:4.0.9-1ubuntu0.1",
"5:4.0.9-1ubuntu0.2",
"5:4.0.9-1ubuntu0.2+esm2",
"5:4.0.9-1ubuntu0.2+esm3",
"5:4.0.9-1ubuntu0.2+esm4",
"5:4.0.9-1ubuntu0.2+esm5",
"5:4.0.9-1ubuntu0.2+esm6",
"5:4.0.9-1ubuntu0.2+esm7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-server",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-tools",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm4?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:5.0.5-2build1",
"5:5.0.6-1",
"5:5.0.7-1",
"5:5.0.7-2",
"5:5.0.7-2ubuntu0.1~esm1",
"5:5.0.7-2ubuntu0.1",
"5:5.0.7-2ubuntu0.1+esm1",
"5:5.0.7-2ubuntu0.1+esm2",
"5:5.0.7-2ubuntu0.1+esm3",
"5:5.0.7-2ubuntu0.1+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-server",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1.1+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:6.0.15-1",
"5:6.0.16-1",
"5:6.0.16-1build1",
"5:6.0.16-1ubuntu1",
"5:6.0.16-1ubuntu1+esm1",
"5:6.0.16-1ubuntu1+esm2",
"5:6.0.16-1ubuntu1.1",
"5:6.0.16-1ubuntu1.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-server",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-tools",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.12-1",
"5:7.0.14-1",
"5:7.0.14-2",
"5:7.0.15-1",
"5:7.0.15-1build1",
"5:7.0.15-1build2",
"5:7.0.15-1ubuntu0.24.04.1",
"5:7.0.15-1ubuntu0.24.04.2",
"5:7.0.15-1ubuntu0.24.04.3",
"5:7.0.15-1ubuntu0.24.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-redis-compat",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-sentinel",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.5+dfsg1-2ubuntu4~24.04.1",
"7.2.7+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.2",
"7.2.8+dfsg1-0ubuntu0.24.04.3",
"7.2.10+dfsg1-0ubuntu0.1",
"7.2.11+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.5+ds-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.2+ds-1",
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.5+ds-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.2-3ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.15-3",
"5:7.0.15-3.1",
"5:8.0.2-3",
"5:8.0.2-3build1",
"5:8.0.2-3ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-sentinel",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.2+dfsg1-1ubuntu1",
"8.1.1+dfsg1-2ubuntu1",
"8.1.3+dfsg1-0ubuntu1",
"8.1.3+dfsg1-0ubuntu2",
"8.1.4+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.6+ds-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.6+ds-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.6+ds-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.5-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:8.0.2-3build1",
"5:8.0.2-3ubuntu0.25.10.1",
"5:8.0.5-1"
]
}
],
"aliases": [],
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of Redis with LUA scripting. This issue is fixed in version 8.2.2. A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing LUA scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.",
"id": "UBUNTU-CVE-2025-46818",
"modified": "2026-05-20T15:22:52Z",
"published": "2025-10-03T19:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46818"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e"
},
{
"type": "REPORT",
"url": "https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/45eac0262028c771b6f5307372814b75f49f7a9e"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7893-1"
}
],
"related": [
"USN-7893-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-46818"
]
}
ubuntu-cve-2025-46819
Vulnerability from osv_ubuntu
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis-server",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:2.6.13-1",
"2:2.6.16-3",
"2:2.8.0-1",
"2:2.8.2-1",
"2:2.8.4-2",
"2:2.8.4-2ubuntu0.2",
"2:2.8.4-2ubuntu0.2+esm1",
"2:2.8.4-2ubuntu0.2+esm2",
"2:2.8.4-2ubuntu0.2+esm3",
"2:2.8.4-2ubuntu0.2+esm4",
"2:2.8.4-2ubuntu0.2+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis-sentinel",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
},
{
"binary_name": "redis-server",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm5?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.0.3-3",
"2:3.0.5-1",
"2:3.0.5-2",
"2:3.0.5-3",
"2:3.0.5-4",
"2:3.0.6-1",
"2:3.0.6-1ubuntu0.2",
"2:3.0.6-1ubuntu0.3",
"2:3.0.6-1ubuntu0.4",
"2:3.0.6-1ubuntu0.4+esm1",
"2:3.0.6-1ubuntu0.4+esm2",
"2:3.0.6-1ubuntu0.4+esm3",
"2:3.0.6-1ubuntu0.4+esm4",
"2:3.0.6-1ubuntu0.4+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-server",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-tools",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm7?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4:4.0.1-7",
"4:4.0.2-6",
"4:4.0.2-9",
"5:4.0.5-1",
"5:4.0.6-1",
"5:4.0.6-2",
"5:4.0.7-1",
"5:4.0.8-1",
"5:4.0.8-2",
"5:4.0.9-1",
"5:4.0.9-1ubuntu0.1",
"5:4.0.9-1ubuntu0.2",
"5:4.0.9-1ubuntu0.2+esm2",
"5:4.0.9-1ubuntu0.2+esm3",
"5:4.0.9-1ubuntu0.2+esm4",
"5:4.0.9-1ubuntu0.2+esm5",
"5:4.0.9-1ubuntu0.2+esm6",
"5:4.0.9-1ubuntu0.2+esm7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-server",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-tools",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm4?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:5.0.5-2build1",
"5:5.0.6-1",
"5:5.0.7-1",
"5:5.0.7-2",
"5:5.0.7-2ubuntu0.1~esm1",
"5:5.0.7-2ubuntu0.1",
"5:5.0.7-2ubuntu0.1+esm1",
"5:5.0.7-2ubuntu0.1+esm2",
"5:5.0.7-2ubuntu0.1+esm3",
"5:5.0.7-2ubuntu0.1+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-server",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1.1+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:6.0.15-1",
"5:6.0.16-1",
"5:6.0.16-1build1",
"5:6.0.16-1ubuntu1",
"5:6.0.16-1ubuntu1+esm1",
"5:6.0.16-1ubuntu1+esm2",
"5:6.0.16-1ubuntu1.1",
"5:6.0.16-1ubuntu1.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-server",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-tools",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.12-1",
"5:7.0.14-1",
"5:7.0.14-2",
"5:7.0.15-1",
"5:7.0.15-1build1",
"5:7.0.15-1build2",
"5:7.0.15-1ubuntu0.24.04.1",
"5:7.0.15-1ubuntu0.24.04.2",
"5:7.0.15-1ubuntu0.24.04.3",
"5:7.0.15-1ubuntu0.24.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-redis-compat",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-sentinel",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.5+dfsg1-2ubuntu4~24.04.1",
"7.2.7+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.2",
"7.2.8+dfsg1-0ubuntu0.24.04.3",
"7.2.10+dfsg1-0ubuntu0.1",
"7.2.11+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.5+ds-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.2+ds-1",
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.5+ds-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.2-3ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.15-3",
"5:7.0.15-3.1",
"5:8.0.2-3",
"5:8.0.2-3build1",
"5:8.0.2-3ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-sentinel",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.2+dfsg1-1ubuntu1",
"8.1.1+dfsg1-2ubuntu1",
"8.1.3+dfsg1-0ubuntu1",
"8.1.3+dfsg1-0ubuntu2",
"8.1.4+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.6+ds-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.6+ds-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.6+ds-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.5-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:8.0.2-3build1",
"5:8.0.2-3ubuntu0.25.10.1",
"5:8.0.5-1"
]
}
],
"aliases": [],
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.",
"id": "UBUNTU-CVE-2025-46819",
"modified": "2026-05-20T15:22:52Z",
"published": "2025-10-03T19:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46819"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba"
},
{
"type": "REPORT",
"url": "https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7893-1"
}
],
"related": [
"USN-7893-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-46819"
]
}
ubuntu-cve-2025-49112
Vulnerability from osv_ubuntu
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis-server",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:2.6.13-1",
"2:2.6.16-3",
"2:2.8.0-1",
"2:2.8.2-1",
"2:2.8.4-2",
"2:2.8.4-2ubuntu0.2",
"2:2.8.4-2ubuntu0.2+esm1",
"2:2.8.4-2ubuntu0.2+esm2",
"2:2.8.4-2ubuntu0.2+esm3",
"2:2.8.4-2ubuntu0.2+esm4",
"2:2.8.4-2ubuntu0.2+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis-sentinel",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
},
{
"binary_name": "redis-server",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:3.0.6-1ubuntu0.4+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm5?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.0.3-3",
"2:3.0.5-1",
"2:3.0.5-2",
"2:3.0.5-3",
"2:3.0.5-4",
"2:3.0.6-1",
"2:3.0.6-1ubuntu0.2",
"2:3.0.6-1ubuntu0.3",
"2:3.0.6-1ubuntu0.4",
"2:3.0.6-1ubuntu0.4+esm1",
"2:3.0.6-1ubuntu0.4+esm2",
"2:3.0.6-1ubuntu0.4+esm3",
"2:3.0.6-1ubuntu0.4+esm4",
"2:3.0.6-1ubuntu0.4+esm5"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-server",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
},
{
"binary_name": "redis-tools",
"binary_version": "5:4.0.9-1ubuntu0.2+esm7"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm7?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4:4.0.1-7",
"4:4.0.2-6",
"4:4.0.2-9",
"5:4.0.5-1",
"5:4.0.6-1",
"5:4.0.6-2",
"5:4.0.7-1",
"5:4.0.8-1",
"5:4.0.8-2",
"5:4.0.9-1",
"5:4.0.9-1ubuntu0.1",
"5:4.0.9-1ubuntu0.2",
"5:4.0.9-1ubuntu0.2+esm2",
"5:4.0.9-1ubuntu0.2+esm3",
"5:4.0.9-1ubuntu0.2+esm4",
"5:4.0.9-1ubuntu0.2+esm5",
"5:4.0.9-1ubuntu0.2+esm6",
"5:4.0.9-1ubuntu0.2+esm7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-server",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
},
{
"binary_name": "redis-tools",
"binary_version": "5:5.0.7-2ubuntu0.1+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm4?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:5.0.5-2build1",
"5:5.0.6-1",
"5:5.0.7-1",
"5:5.0.7-2",
"5:5.0.7-2ubuntu0.1~esm1",
"5:5.0.7-2ubuntu0.1",
"5:5.0.7-2ubuntu0.1+esm1",
"5:5.0.7-2ubuntu0.1+esm2",
"5:5.0.7-2ubuntu0.1+esm3",
"5:5.0.7-2ubuntu0.1+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-server",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:6.0.16-1ubuntu1.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1.1+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:6.0.15-1",
"5:6.0.16-1",
"5:6.0.16-1build1",
"5:6.0.16-1ubuntu1",
"5:6.0.16-1ubuntu1+esm1",
"5:6.0.16-1ubuntu1+esm2",
"5:6.0.16-1ubuntu1.1",
"5:6.0.16-1ubuntu1.1+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-server",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
},
{
"binary_name": "redis-tools",
"binary_version": "5:7.0.15-1ubuntu0.24.04.4"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.4?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.12-1",
"5:7.0.14-1",
"5:7.0.14-2",
"5:7.0.15-1",
"5:7.0.15-1build1",
"5:7.0.15-1build2",
"5:7.0.15-1ubuntu0.24.04.1",
"5:7.0.15-1ubuntu0.24.04.2",
"5:7.0.15-1ubuntu0.24.04.3",
"5:7.0.15-1ubuntu0.24.04.4"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-redis-compat",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-sentinel",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.5+dfsg1-2ubuntu4~24.04.1",
"7.2.7+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.2",
"7.2.8+dfsg1-0ubuntu0.24.04.3",
"7.2.10+dfsg1-0ubuntu0.1",
"7.2.11+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.5+ds-1ubuntu0.2"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.5+ds-1ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.2+ds-1",
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.5+ds-1ubuntu0.2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.2-3ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.15-3",
"5:7.0.15-3.1",
"5:8.0.2-3",
"5:8.0.2-3build1",
"5:8.0.2-3ubuntu0.25.10.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-sentinel",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.2+dfsg1-1ubuntu1",
"8.1.1+dfsg1-2ubuntu1",
"8.1.3+dfsg1-0ubuntu1",
"8.1.3+dfsg1-0ubuntu2",
"8.1.4+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.6+ds-1"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.6+ds-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.6+ds-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.5+ds-1",
"7.3.5+ds-1ubuntu0.1",
"7.3.6+ds-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.5-1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.5-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.5-1?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:8.0.2-3build1",
"5:8.0.2-3ubuntu0.25.10.1",
"5:8.0.5-1"
]
}
],
"aliases": [],
"details": "setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev-\u003esize - prev-\u003eused.",
"id": "UBUNTU-CVE-2025-49112",
"modified": "2026-05-20T15:22:53Z",
"published": "2025-06-02T05:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-49112"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49112"
},
{
"type": "REPORT",
"url": "https://github.com/valkey-io/valkey/pull/2101"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783"
},
{
"type": "REPORT",
"url": "https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7893-1"
}
],
"related": [
"USN-7893-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-49112"
]
}
ubuntu-cve-2025-49844
Vulnerability from osv_ubuntu
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
| URL | Type | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-5ubuntu0.1"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-5ubuntu0.1"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-5ubuntu0.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-5",
"5.1.5-5ubuntu0.1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "redis-server",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
},
{
"binary_name": "redis-tools",
"binary_version": "2:2.8.4-2ubuntu0.2+esm5"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm5?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:2.8.4-2ubuntu0.2+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:2.6.13-1",
"2:2.6.16-3",
"2:2.8.0-1",
"2:2.8.2-1",
"2:2.8.4-2",
"2:2.8.4-2ubuntu0.2",
"2:2.8.4-2ubuntu0.2+esm1",
"2:2.8.4-2ubuntu0.2+esm2",
"2:2.8.4-2ubuntu0.2+esm3",
"2:2.8.4-2ubuntu0.2+esm4"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "redis-sentinel",
"binary_version": "2:3.0.6-1ubuntu0.4+esm4"
},
{
"binary_name": "redis-server",
"binary_version": "2:3.0.6-1ubuntu0.4+esm4"
},
{
"binary_name": "redis-tools",
"binary_version": "2:3.0.6-1ubuntu0.4+esm4"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm4?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2:3.0.6-1ubuntu0.4+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2:3.0.3-3",
"2:3.0.5-1",
"2:3.0.5-2",
"2:3.0.5-3",
"2:3.0.5-4",
"2:3.0.6-1",
"2:3.0.6-1ubuntu0.2",
"2:3.0.6-1ubuntu0.3",
"2:3.0.6-1ubuntu0.4",
"2:3.0.6-1ubuntu0.4+esm1",
"2:3.0.6-1ubuntu0.4+esm2",
"2:3.0.6-1ubuntu0.4+esm3"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua50",
"binary_version": "5.0.3-7"
},
{
"binary_name": "liblualib50",
"binary_version": "5.0.3-7"
},
{
"binary_name": "lua50",
"binary_version": "5.0.3-7"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:16.04:LTS",
"name": "lua50",
"purl": "pkg:deb/ubuntu/lua50@5.0.3-7?arch=source\u0026distro=xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.3-7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-8.1build2"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-8.1build2"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-8.1build2?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-8.1build1",
"5.1.5-8.1build2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua50",
"binary_version": "5.0.3-8"
},
{
"binary_name": "liblualib50",
"binary_version": "5.0.3-8"
},
{
"binary_name": "lua50",
"binary_version": "5.0.3-8"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "lua50",
"purl": "pkg:deb/ubuntu/lua50@5.0.3-8?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.3-8"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:4.0.9-1ubuntu0.2+esm6"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:4.0.9-1ubuntu0.2+esm6"
},
{
"binary_name": "redis-server",
"binary_version": "5:4.0.9-1ubuntu0.2+esm6"
},
{
"binary_name": "redis-tools",
"binary_version": "5:4.0.9-1ubuntu0.2+esm6"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm6?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5:4.0.9-1ubuntu0.2+esm6"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"4:4.0.1-7",
"4:4.0.2-6",
"4:4.0.2-9",
"5:4.0.5-1",
"5:4.0.6-1",
"5:4.0.6-2",
"5:4.0.7-1",
"5:4.0.8-1",
"5:4.0.8-2",
"5:4.0.9-1",
"5:4.0.9-1ubuntu0.1",
"5:4.0.9-1ubuntu0.2",
"5:4.0.9-1ubuntu0.2+esm2",
"5:4.0.9-1ubuntu0.2+esm3",
"5:4.0.9-1ubuntu0.2+esm4",
"5:4.0.9-1ubuntu0.2+esm5"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-8.1ubuntu0.20.04.1~esm1"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-8.1ubuntu0.20.04.1~esm1"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-8.1ubuntu0.20.04.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.5-8.1ubuntu0.20.04.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-8.1build3",
"5.1.5-8.1build4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua50",
"binary_version": "5.0.3-8build1"
},
{
"binary_name": "liblualib50",
"binary_version": "5.0.3-8build1"
},
{
"binary_name": "lua50",
"binary_version": "5.0.3-8build1"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "lua50",
"purl": "pkg:deb/ubuntu/lua50@5.0.3-8build1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.0.3-8build1"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-8.1ubuntu0.22.04.1~esm1"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-8.1ubuntu0.22.04.1~esm1"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-8.1ubuntu0.22.04.1~esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.5-8.1ubuntu0.22.04.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-8.1build4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-9build2"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-9build2"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-9build2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-9",
"5.1.5-9build1",
"5.1.5-9build2"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:7.0.15-1ubuntu0.24.04.2"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:7.0.15-1ubuntu0.24.04.2"
},
{
"binary_name": "redis-server",
"binary_version": "5:7.0.15-1ubuntu0.24.04.2"
},
{
"binary_name": "redis-tools",
"binary_version": "5:7.0.15-1ubuntu0.24.04.2"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5:7.0.15-1ubuntu0.24.04.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.12-1",
"5:7.0.14-1",
"5:7.0.14-2",
"5:7.0.15-1",
"5:7.0.15-1build1",
"5:7.0.15-1build2",
"5:7.0.15-1ubuntu0.24.04.1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-redis-compat",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-sentinel",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.2.11+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.2.5+dfsg1-2ubuntu4~24.04.1",
"7.2.7+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.1",
"7.2.8+dfsg1-0ubuntu0.24.04.2",
"7.2.8+dfsg1-0ubuntu0.24.04.3",
"7.2.10+dfsg1-0ubuntu0.1",
"7.2.11+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-11"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-11"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-11?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-11"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "redict",
"binary_version": "7.3.5+ds-1ubuntu0.1"
},
{
"binary_name": "redict-sentinel",
"binary_version": "7.3.5+ds-1ubuntu0.1"
},
{
"binary_name": "redict-server",
"binary_version": "7.3.5+ds-1ubuntu0.1"
},
{
"binary_name": "redict-tools",
"binary_version": "7.3.5+ds-1ubuntu0.1"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redict",
"purl": "pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7.3.5+ds-1ubuntu0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"7.3.2+ds-1",
"7.3.5+ds-1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "redis",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-sentinel",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-server",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
},
{
"binary_name": "redis-tools",
"binary_version": "5:8.0.2-3ubuntu0.25.10.1"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "redis",
"purl": "pkg:deb/ubuntu/redis@5:8.0.2-3ubuntu0.25.10.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5:8.0.2-3ubuntu0.25.10.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5:7.0.15-3",
"5:7.0.15-3.1",
"5:8.0.2-3",
"5:8.0.2-3build1"
]
},
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "valkey-sentinel",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-server",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
},
{
"binary_name": "valkey-tools",
"binary_version": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "valkey",
"purl": "pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.1.4+dfsg1-0ubuntu0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8.0.2+dfsg1-1ubuntu1",
"8.1.1+dfsg1-2ubuntu1",
"8.1.3+dfsg1-0ubuntu1",
"8.1.3+dfsg1-0ubuntu2",
"8.1.4+dfsg1-0ubuntu0.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "liblua5.1-0",
"binary_version": "5.1.5-12"
},
{
"binary_name": "lua5.1",
"binary_version": "5.1.5-12"
}
],
"priority_reason": "This CVE is likely easy to exploit in the default configuration"
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "lua5.1",
"purl": "pkg:deb/ubuntu/lua5.1@5.1.5-12?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"5.1.5-11",
"5.1.5-11build1",
"5.1.5-12"
]
}
],
"aliases": [],
"details": "Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.",
"id": "UBUNTU-CVE-2025-49844",
"modified": "2026-06-04T15:15:28Z",
"published": "2025-10-03T20:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"type": "REPORT",
"url": "https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"type": "REPORT",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7824-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7824-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7824-3"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7893-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8169-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-8262-1"
}
],
"related": [
"USN-7824-1",
"USN-7824-2",
"USN-7824-3",
"USN-7893-1",
"USN-8169-1",
"USN-8262-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "high",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2025-49844"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.