CVE-2025-46817
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-46817
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46817.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46817
- Aliases
-
- BIT-keydb-2025-46817
- BIT-redis-2025-46817
- BIT-valkey-2025-46817
- GHSA-m8fj-85cg-7vhp
- Downstream
- Related
- Published
- 2025-10-03T18:15:35Z
- Modified
- 2025-10-10T05:10:09.701519Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
- References
Affected packages
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
3.*
3.0-alpha0
8.*
8.2-int
8.2-m01
8.2-m01-int
8.2-m01-int2
8.2-rc1
8.2-rc1-int
8.2.0
8.2.1
8.2.1-int
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen
with-deprecated-diskstore
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2025-46817-1bff8e25",
"digest": {
"length": 564.0,
"function_hash": "231823367469822555940742382288933873230"
},
"signature_version": "v1",
"target": {
"function": "defragStream",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-2443885b",
"digest": {
"line_hashes": [
"125670280683194879539921835938120858029",
"79963122918448863169488879789633999900",
"178514249587135916334768771082338180637",
"167536582049891518806390257069890511495"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "deps/lua/src/ltable.c"
},
"source": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46817-2f43472c",
"digest": {
"length": 274.0,
"function_hash": "288446850232562980440863683026214219231"
},
"signature_version": "v1",
"target": {
"function": "defragStreamConsumerGroup",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-77eb7a7a",
"digest": {
"length": 316.0,
"function_hash": "269273620982420028349368441170132491277"
},
"signature_version": "v1",
"target": {
"function": "defragStreamConsumerPendingEntry",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-835c4ab1",
"digest": {
"length": 465.0,
"function_hash": "198452583128654122547339479691788179436"
},
"signature_version": "v1",
"target": {
"function": "luaB_unpack",
"file": "deps/lua/src/lbaselib.c"
},
"source": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-90636aee",
"digest": {
"length": 1028.0,
"function_hash": "278644848284550820802314798222846137842"
},
"signature_version": "v1",
"target": {
"function": "ebDefragRaxBucket",
"file": "src/ebuckets.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-9095d23c",
"digest": {
"length": 463.0,
"function_hash": "114821343489539077307346950160007344414"
},
"signature_version": "v1",
"target": {
"function": "luaH_getnum",
"file": "deps/lua/src/ltable.c"
},
"source": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-9771037c",
"digest": {
"line_hashes": [
"138051693839747285096021458702403893111",
"217792725282971082265874066493719589089",
"314104092114484613540366304337620153799",
"289838893004834880788220210160086127357",
"261640981466269970594854736063516974006",
"310366546339259136490471016273997718966",
"32133616761046458240624936400794999717",
"99379125398230922191097416962833631765",
"141940563608976522218604452044168104567",
"11220539234012554404348468137403013259",
"232481408480410736814504528475544114533",
"51866787026042368566811775065054533143",
"63433160957720909299274972010261027892",
"294256383012553041837446580576855146212",
"89382824653771948252974872163098475979",
"125843216691037721002607267089725657746",
"134688872856233222990888740724026394481",
"48326925826003410695033980425698456909",
"67996540693667022215470987524713099413",
"136018837045987266595679134463638862968",
"333375019022085398980596780008619891568",
"29915176327139359699601310212482016515",
"78998988978891701179665002117073134153",
"17549832641806627852119609812055732197",
"42446296350911664275182979645220907226",
"138975645959192329129097852787418759626",
"149158348708285902087935202222825724476",
"142605691491218526884160292427755441470",
"11688604414306184430853572012154672997",
"148558868641076683043063174755617384651",
"21028590655927164121484625827791262156",
"46089719024847428095945812658394875858",
"132152125759967892984304802846013499407",
"252710555466710673955941017321669831749",
"239262572873833474405578058531672783359",
"66720547795711375935066349761282397334",
"228824034014002333793286778567671435553",
"140423370034328928159919286536412352374",
"34259259009794645587500028432093165186",
"32714089352387174407290605263289841726",
"142160850842147572350805881228483295868",
"232067484793209163755223773554912439711",
"294077731618297973044671231562754097105",
"216744741664175839129273154417262477100",
"995446791351321522154638928135859875",
"191256389506455193250670539930255527581",
"302732920957766076804960979292947649450",
"26025635131505467470119512320366390742"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46817-b3bba80f",
"digest": {
"line_hashes": [
"244502848865928883332908724730119052311",
"141797934241402737746765354854429761657",
"121189225860232617002299124820059699861",
"325221416935840389820722274695630580016",
"303490719280172131208887830823944185073",
"43864785869962988976065089075595503762",
"53490938445701540411614375924248395921",
"23408075982072842741195268914820996812",
"320872889493649556307334100222506094780",
"244730142365431892013328866901959544225",
"170283847187515741955371454705299138105",
"235864933409515329941478345542925607458"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/ebuckets.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46817-bc7d22a5",
"digest": {
"line_hashes": [
"215183603034438790074787436400451326507",
"271254306717558512938290651667297911789",
"309902335175555326166799105380489864046",
"278280089201699928306779544643363540028",
"336878426482468871976108546882672249784",
"74907258639459001040493862410090902739",
"251369238004598570509070825067461752837",
"264188405051546521903392069016245411918",
"164349750841827671432993903885626756569",
"161144831204048545051086606829724637083"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "deps/lua/src/lbaselib.c"
},
"source": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46817-c715e681",
"digest": {
"length": 307.0,
"function_hash": "43521981978878587750908260601344872279"
},
"signature_version": "v1",
"target": {
"function": "activeDefragAlloc",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46817-f6afd884",
"digest": {
"length": 654.0,
"function_hash": "307600606145985118090248030247413925373"
},
"signature_version": "v1",
"target": {
"function": "activeDefragHExpiresOB",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
}
]
}