UBUNTU-CVE-2024-46981
- Source
- https://ubuntu.com/security/CVE-2024-46981
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-46981.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-46981
- Related
- Published
- 2025-01-06T22:15:00Z
- Modified
- 2025-03-10T04:44:32Z
- Summary
- [none]
- Details
-
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
- References
-
- https://ubuntu.com/security/CVE-2024-46981
- https://www.cve.org/CVERecord?id=CVE-2024-46981
- https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c
- https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf
- https://codeberg.org/redict/redict/issues/60
- https://github.com/valkey-io/valkey/commit/4ffd3ebdeb028d0b9e50cf5986e9f1b6a2e1c031
- https://github.com/redis/redis/releases/tag/6.2.17
- https://github.com/redis/redis/releases/tag/7.2.7
- https://github.com/redis/redis/releases/tag/7.4.2
- https://ubuntu.com/security/notices/USN-7321-1
Affected packages
Ubuntu:Pro:14.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm4?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:2.8.4-2ubuntu0.2+esm4
Affected versions
2:2.*
2:2.6.13-1
2:2.6.16-3
2:2.8.0-1
2:2.8.2-1
2:2.8.4-2
2:2.8.4-2ubuntu0.2
2:2.8.4-2ubuntu0.2+esm1
2:2.8.4-2ubuntu0.2+esm2
2:2.8.4-2ubuntu0.2+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "2:2.8.4-2ubuntu0.2+esm4",
"binary_name": "redis-server"
},
{
"binary_version": "2:2.8.4-2ubuntu0.2+esm4",
"binary_name": "redis-server-dbgsym"
},
{
"binary_version": "2:2.8.4-2ubuntu0.2+esm4",
"binary_name": "redis-tools"
},
{
"binary_version": "2:2.8.4-2ubuntu0.2+esm4",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:Pro:16.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm3?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:3.0.6-1ubuntu0.4+esm3
Affected versions
2:3.*
2:3.0.3-3
2:3.0.5-1
2:3.0.5-2
2:3.0.5-3
2:3.0.5-4
2:3.0.6-1
2:3.0.6-1ubuntu0.2
2:3.0.6-1ubuntu0.3
2:3.0.6-1ubuntu0.4
2:3.0.6-1ubuntu0.4+esm1
2:3.0.6-1ubuntu0.4+esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "2:3.0.6-1ubuntu0.4+esm3",
"binary_name": "redis-sentinel"
},
{
"binary_version": "2:3.0.6-1ubuntu0.4+esm3",
"binary_name": "redis-server"
},
{
"binary_version": "2:3.0.6-1ubuntu0.4+esm3",
"binary_name": "redis-server-dbgsym"
},
{
"binary_version": "2:3.0.6-1ubuntu0.4+esm3",
"binary_name": "redis-tools"
},
{
"binary_version": "2:3.0.6-1ubuntu0.4+esm3",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:Pro:18.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm5?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:4.0.9-1ubuntu0.2+esm5
Affected versions
4:4.*
4:4.0.1-7
4:4.0.2-6
4:4.0.2-9
5:4.*
5:4.0.5-1
5:4.0.6-1
5:4.0.6-2
5:4.0.7-1
5:4.0.8-1
5:4.0.8-2
5:4.0.9-1
5:4.0.9-1ubuntu0.1
5:4.0.9-1ubuntu0.2
5:4.0.9-1ubuntu0.2+esm2
5:4.0.9-1ubuntu0.2+esm3
5:4.0.9-1ubuntu0.2+esm4
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "5:4.0.9-1ubuntu0.2+esm5",
"binary_name": "redis"
},
{
"binary_version": "5:4.0.9-1ubuntu0.2+esm5",
"binary_name": "redis-sentinel"
},
{
"binary_version": "5:4.0.9-1ubuntu0.2+esm5",
"binary_name": "redis-server"
},
{
"binary_version": "5:4.0.9-1ubuntu0.2+esm5",
"binary_name": "redis-tools"
},
{
"binary_version": "5:4.0.9-1ubuntu0.2+esm5",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:20.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1?arch=source&distro=focal
Ubuntu:Pro:20.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm3?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:5.0.7-2ubuntu0.1+esm3
Affected versions
5:5.*
5:5.0.5-2build1
5:5.0.6-1
5:5.0.7-1
5:5.0.7-2
5:5.0.7-2ubuntu0.1~esm1
5:5.0.7-2ubuntu0.1
5:5.0.7-2ubuntu0.1+esm1
5:5.0.7-2ubuntu0.1+esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "5:5.0.7-2ubuntu0.1+esm3",
"binary_name": "redis"
},
{
"binary_version": "5:5.0.7-2ubuntu0.1+esm3",
"binary_name": "redis-sentinel"
},
{
"binary_version": "5:5.0.7-2ubuntu0.1+esm3",
"binary_name": "redis-server"
},
{
"binary_version": "5:5.0.7-2ubuntu0.1+esm3",
"binary_name": "redis-tools"
},
{
"binary_version": "5:5.0.7-2ubuntu0.1+esm3",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:22.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1?arch=source&distro=jammy
Ubuntu:Pro:22.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1+esm2?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:6.0.16-1ubuntu1+esm2
Affected versions
5:6.*
5:6.0.15-1
5:6.0.16-1
5:6.0.16-1build1
5:6.0.16-1ubuntu1
5:6.0.16-1ubuntu1+esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "5:6.0.16-1ubuntu1+esm2",
"binary_name": "redis"
},
{
"binary_version": "5:6.0.16-1ubuntu1+esm2",
"binary_name": "redis-sentinel"
},
{
"binary_version": "5:6.0.16-1ubuntu1+esm2",
"binary_name": "redis-server"
},
{
"binary_version": "5:6.0.16-1ubuntu1+esm2",
"binary_name": "redis-tools"
},
{
"binary_version": "5:6.0.16-1ubuntu1+esm2",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:24.10 / redict
Package
- Name
- redict
- Purl
- pkg:deb/ubuntu/redict@7.3.0+ds-3?arch=source&distro=oracular
Ubuntu:24.10 / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.10.1?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:7.0.15-1ubuntu0.24.10.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "5:7.0.15-1ubuntu0.24.10.1",
"binary_name": "redis"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.10.1",
"binary_name": "redis-sentinel"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.10.1",
"binary_name": "redis-server"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.10.1",
"binary_name": "redis-tools"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.10.1",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:24.10 / valkey
Package
- Name
- valkey
- Purl
- pkg:deb/ubuntu/valkey@7.2.8+dfsg1-0ubuntu0.24.10.1?arch=source&distro=oracular
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS / redis
Package
- Name
- redis
- Purl
- pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5:7.0.15-1ubuntu0.24.04.1
Affected versions
5:7.*
5:7.0.12-1
5:7.0.14-1
5:7.0.14-2
5:7.0.15-1
5:7.0.15-1build1
5:7.0.15-1build2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "5:7.0.15-1ubuntu0.24.04.1",
"binary_name": "redis"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.04.1",
"binary_name": "redis-sentinel"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.04.1",
"binary_name": "redis-server"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.04.1",
"binary_name": "redis-tools"
},
{
"binary_version": "5:7.0.15-1ubuntu0.24.04.1",
"binary_name": "redis-tools-dbgsym"
}
]
}
Ubuntu:24.04:LTS / valkey
Package
- Name
- valkey
- Purl
- pkg:deb/ubuntu/valkey@7.2.8+dfsg1-0ubuntu0.24.04.1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected