BIT-keydb-2025-46819

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/keydb/BIT-keydb-2025-46819.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-keydb-2025-46819

Aliases

Published

2025-10-08T08:43:23.522Z

Modified

2025-10-08T09:27:04.224960Z

Summary

Redis is vulnerable to DoS via specially crafted LUA scripts

Details

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / keydb

Package

Name: keydb
Purl: pkg:bitnami/keydb

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.2.20

Introduced

7.0.0

Fixed

7.2.11

Introduced

7.3.0

Fixed

7.4.6

Introduced

8.0.0

Fixed

8.0.4

Introduced

8.1.0

Fixed

8.2.2