CVE-2025-46819
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-46819
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46819.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-46819
- Aliases
-
- BIT-keydb-2025-46819
- BIT-redis-2025-46819
- BIT-valkey-2025-46819
- GHSA-4c68-q8q8-3g4f
- Downstream
- Related
- Published
- 2025-10-03T19:15:43Z
- Modified
- 2025-10-10T05:10:08.376068Z
- Summary
- [none]
- Details
-
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
- References
Affected packages
Git / github.com/redis/redis
Affected ranges
- Type
- GIT
- Repo
- https://github.com/redis/redis
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.3.6
2.*
2.2-alpha0
2.2-alpha1
2.2-alpha2
2.2-alpha3
2.2-alpha4
2.2-alpha5
2.2-alpha6
2.2.0-rc1
2.3-alpha0
3.*
3.0-alpha0
8.*
8.2-int
8.2-m01
8.2-m01-int
8.2-m01-int2
8.2-rc1
8.2-rc1-int
8.2.0
8.2.1
8.2.1-int
8.2.2-int
v1.*
v1.3.10
v1.3.11
v1.3.12
v1.3.7
v1.3.8
v1.3.9
v2.*
v2.0.0-rc1
v2.1.1-watch
Other
vm-playpen
with-deprecated-diskstore
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2025-46819-1bff8e25",
"digest": {
"length": 564.0,
"function_hash": "231823367469822555940742382288933873230"
},
"signature_version": "v1",
"target": {
"function": "defragStream",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-2f43472c",
"digest": {
"length": 274.0,
"function_hash": "288446850232562980440863683026214219231"
},
"signature_version": "v1",
"target": {
"function": "defragStreamConsumerGroup",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-644a1d0e",
"digest": {
"length": 278.0,
"function_hash": "326159347923477095512422010962692078445"
},
"signature_version": "v1",
"target": {
"function": "skip_sep",
"file": "deps/lua/src/llex.c"
},
"source": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-77eb7a7a",
"digest": {
"length": 316.0,
"function_hash": "269273620982420028349368441170132491277"
},
"signature_version": "v1",
"target": {
"function": "defragStreamConsumerPendingEntry",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-90636aee",
"digest": {
"length": 1028.0,
"function_hash": "278644848284550820802314798222846137842"
},
"signature_version": "v1",
"target": {
"function": "ebDefragRaxBucket",
"file": "src/ebuckets.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-9771037c",
"digest": {
"line_hashes": [
"138051693839747285096021458702403893111",
"217792725282971082265874066493719589089",
"314104092114484613540366304337620153799",
"289838893004834880788220210160086127357",
"261640981466269970594854736063516974006",
"310366546339259136490471016273997718966",
"32133616761046458240624936400794999717",
"99379125398230922191097416962833631765",
"141940563608976522218604452044168104567",
"11220539234012554404348468137403013259",
"232481408480410736814504528475544114533",
"51866787026042368566811775065054533143",
"63433160957720909299274972010261027892",
"294256383012553041837446580576855146212",
"89382824653771948252974872163098475979",
"125843216691037721002607267089725657746",
"134688872856233222990888740724026394481",
"48326925826003410695033980425698456909",
"67996540693667022215470987524713099413",
"136018837045987266595679134463638862968",
"333375019022085398980596780008619891568",
"29915176327139359699601310212482016515",
"78998988978891701179665002117073134153",
"17549832641806627852119609812055732197",
"42446296350911664275182979645220907226",
"138975645959192329129097852787418759626",
"149158348708285902087935202222825724476",
"142605691491218526884160292427755441470",
"11688604414306184430853572012154672997",
"148558868641076683043063174755617384651",
"21028590655927164121484625827791262156",
"46089719024847428095945812658394875858",
"132152125759967892984304802846013499407",
"252710555466710673955941017321669831749",
"239262572873833474405578058531672783359",
"66720547795711375935066349761282397334",
"228824034014002333793286778567671435553",
"140423370034328928159919286536412352374",
"34259259009794645587500028432093165186",
"32714089352387174407290605263289841726",
"142160850842147572350805881228483295868",
"232067484793209163755223773554912439711",
"294077731618297973044671231562754097105",
"216744741664175839129273154417262477100",
"995446791351321522154638928135859875",
"191256389506455193250670539930255527581",
"302732920957766076804960979292947649450",
"26025635131505467470119512320366390742"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46819-999f8261",
"digest": {
"length": 1149.0,
"function_hash": "160389040932774715405081378127178935863"
},
"signature_version": "v1",
"target": {
"function": "read_long_string",
"file": "deps/lua/src/llex.c"
},
"source": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-9b109185",
"digest": {
"line_hashes": [
"144829334876230185066345285765158814887",
"279742935389581173292191856138931544410",
"215765032740037643824772614879323284047",
"213242628123676813387175623313661396399",
"55083034142049204632241201329241949014",
"215048617858120597919603407579439318055",
"259440883234995046910912248236619486713",
"260494755937238303923492964658313302777",
"276194066368501157954152700284066666230",
"94707200475635994372823335119274774861",
"176259491587763387991261812776342760498",
"212492134778124961926433754263892540871",
"42027674340306920062326473255884411452",
"199301606874769365825891439931912922250",
"329033506351339224480451678520876280449",
"127302129922227798151910125084632724709",
"94535324594953879461929819346479250737",
"65322983320577454142571951945802927544",
"203807739681426310411532628991088327433",
"239984062169985580185012062688901532488",
"271003825541790872949111337290190875763",
"132069889093100326132318809464417284630",
"61388540919664563504919109010216292549",
"332386823176333005457030871921314654916",
"336193097098225461072379910815244242437",
"78979781992554835567337540183858621220",
"146523706873816201161370095933801597868",
"159427003763174839321150473302931389390",
"273674300110827826571641614851398765194",
"338710683893099712279756398323063493458",
"192635063855744714622998688239136776630",
"290815551229080090940304251733804779519",
"2811663424156569429467134015278336468",
"60920245056987098901965684758091176571",
"104606825472929138115565222364167093734",
"201863372805067684355931623793745281336"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "deps/lua/src/llex.c"
},
"source": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46819-b3bba80f",
"digest": {
"line_hashes": [
"244502848865928883332908724730119052311",
"141797934241402737746765354854429761657",
"121189225860232617002299124820059699861",
"325221416935840389820722274695630580016",
"303490719280172131208887830823944185073",
"43864785869962988976065089075595503762",
"53490938445701540411614375924248395921",
"23408075982072842741195268914820996812",
"320872889493649556307334100222506094780",
"244730142365431892013328866901959544225",
"170283847187515741955371454705299138105",
"235864933409515329941478345542925607458"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "src/ebuckets.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Line"
},
{
"id": "CVE-2025-46819-be638539",
"digest": {
"length": 2384.0,
"function_hash": "247560495939137628181099225733907646729"
},
"signature_version": "v1",
"target": {
"function": "llex",
"file": "deps/lua/src/llex.c"
},
"source": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-c715e681",
"digest": {
"length": 307.0,
"function_hash": "43521981978878587750908260601344872279"
},
"signature_version": "v1",
"target": {
"function": "activeDefragAlloc",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-f2455f3a",
"digest": {
"length": 377.0,
"function_hash": "243302294120400708360033093554079831138"
},
"signature_version": "v1",
"target": {
"function": "luaX_setinput",
"file": "deps/lua/src/llex.c"
},
"source": "https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba",
"deprecated": false,
"signature_type": "Function"
},
{
"id": "CVE-2025-46819-f6afd884",
"digest": {
"length": 654.0,
"function_hash": "307600606145985118090248030247413925373"
},
"signature_version": "v1",
"target": {
"function": "activeDefragHExpiresOB",
"file": "src/defrag.c"
},
"source": "https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1",
"deprecated": false,
"signature_type": "Function"
}
]
}