UBUNTU-CVE-2025-46819

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-46819

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46819.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-46819

Upstream

CVE-2025-46819

Published

2025-10-03T19:15:00Z

Modified

2025-10-10T15:30:15Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

References

Affected packages

Ubuntu:22.04:LTS

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@5:6.0.16-1ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:6.*

5:6.0.15-1

5:6.0.16-1

5:6.0.16-1build1

5:6.0.16-1ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:6.0.16-1ubuntu1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:24.04:LTS

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@5:7.0.15-1ubuntu0.24.04.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:7.*

5:7.0.12-1

5:7.0.14-1

5:7.0.14-2

5:7.0.15-1

5:7.0.15-1build1

5:7.0.15-1build2

5:7.0.15-1ubuntu0.24.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:7.0.15-1ubuntu0.24.04.1",
            "binary_name": "redis-tools"
        }
    ]
}

valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@7.2.10+dfsg1-0ubuntu0.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.2.5+dfsg1-2ubuntu4~24.04.1

7.2.7+dfsg1-0ubuntu0.24.04.1

7.2.8+dfsg1-0ubuntu0.24.04.1

7.2.8+dfsg1-0ubuntu0.24.04.2

7.2.8+dfsg1-0ubuntu0.24.04.3

7.2.10+dfsg1-0ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.2.10+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-redis-compat"
        },
        {
            "binary_version": "7.2.10+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-sentinel"
        },
        {
            "binary_version": "7.2.10+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-server"
        },
        {
            "binary_version": "7.2.10+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-tools"
        }
    ]
}

Ubuntu:25.04

redict

Package

Name: redict
Purl: pkg:deb/ubuntu/redict@7.3.2+ds-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.0+ds-3

7.3.1+ds-1

7.3.2+ds-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.3.2+ds-1",
            "binary_name": "redict"
        },
        {
            "binary_version": "7.3.2+ds-1",
            "binary_name": "redict-sentinel"
        },
        {
            "binary_version": "7.3.2+ds-1",
            "binary_name": "redict-server"
        },
        {
            "binary_version": "7.3.2+ds-1",
            "binary_name": "redict-tools"
        }
    ]
}

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@5:7.0.15-3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:7.*

5:7.0.15-1build2

5:7.0.15-2

5:7.0.15-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:7.0.15-3",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:7.0.15-3",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:7.0.15-3",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:7.0.15-3",
            "binary_name": "redis-tools"
        }
    ]
}

valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@8.0.4+dfsg1-0ubuntu0.1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.2.5+dfsg1-2ubuntu4

8.*

8.0.1+dfsg1-1ubuntu1

8.0.2+dfsg1-1ubuntu1

8.0.2+dfsg1-1ubuntu2

8.0.4+dfsg1-0ubuntu0.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.0.4+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-redis-compat"
        },
        {
            "binary_version": "8.0.4+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-sentinel"
        },
        {
            "binary_version": "8.0.4+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-server"
        },
        {
            "binary_version": "8.0.4+dfsg1-0ubuntu0.1",
            "binary_name": "valkey-tools"
        }
    ]
}

Ubuntu:25.10

redict

Package

Name: redict
Purl: pkg:deb/ubuntu/redict@7.3.5+ds-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.2+ds-1

7.3.5+ds-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "7.3.5+ds-1",
            "binary_name": "redict"
        },
        {
            "binary_version": "7.3.5+ds-1",
            "binary_name": "redict-sentinel"
        },
        {
            "binary_version": "7.3.5+ds-1",
            "binary_name": "redict-server"
        },
        {
            "binary_version": "7.3.5+ds-1",
            "binary_name": "redict-tools"
        }
    ]
}

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@5:8.0.2-3build1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:7.*

5:7.0.15-3

5:7.0.15-3.1

5:8.*

5:8.0.2-3

5:8.0.2-3build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:8.0.2-3build1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:8.0.2-3build1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:8.0.2-3build1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:8.0.2-3build1",
            "binary_name": "redis-tools"
        }
    ]
}

valkey

Package

Name: valkey
Purl: pkg:deb/ubuntu/valkey@8.1.3+dfsg1-0ubuntu2?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.0.2+dfsg1-1ubuntu1

8.1.1+dfsg1-2ubuntu1

8.1.3+dfsg1-0ubuntu1

8.1.3+dfsg1-0ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "8.1.3+dfsg1-0ubuntu2",
            "binary_name": "valkey-sentinel"
        },
        {
            "binary_version": "8.1.3+dfsg1-0ubuntu2",
            "binary_name": "valkey-server"
        },
        {
            "binary_version": "8.1.3+dfsg1-0ubuntu2",
            "binary_name": "valkey-tools"
        }
    ]
}

Ubuntu:Pro:14.04:LTS

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@2:2.8.4-2ubuntu0.2+esm4?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:2.*

2:2.6.13-1

2:2.6.16-3

2:2.8.0-1

2:2.8.2-1

2:2.8.4-2

2:2.8.4-2ubuntu0.2

2:2.8.4-2ubuntu0.2+esm1

2:2.8.4-2ubuntu0.2+esm2

2:2.8.4-2ubuntu0.2+esm3

2:2.8.4-2ubuntu0.2+esm4

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm4",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm4",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:16.04:LTS

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@2:3.0.6-1ubuntu0.4+esm3?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:3.*

2:3.0.3-3

2:3.0.5-1

2:3.0.5-2

2:3.0.5-3

2:3.0.5-4

2:3.0.6-1

2:3.0.6-1ubuntu0.2

2:3.0.6-1ubuntu0.3

2:3.0.6-1ubuntu0.4

2:3.0.6-1ubuntu0.4+esm1

2:3.0.6-1ubuntu0.4+esm2

2:3.0.6-1ubuntu0.4+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm3",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm3",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm3",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:18.04:LTS

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@5:4.0.9-1ubuntu0.2+esm5?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4:4.*

4:4.0.1-7

4:4.0.2-6

4:4.0.2-9

5:4.*

5:4.0.5-1

5:4.0.6-1

5:4.0.6-2

5:4.0.7-1

5:4.0.8-1

5:4.0.8-2

5:4.0.9-1

5:4.0.9-1ubuntu0.1

5:4.0.9-1ubuntu0.2

5:4.0.9-1ubuntu0.2+esm2

5:4.0.9-1ubuntu0.2+esm3

5:4.0.9-1ubuntu0.2+esm4

5:4.0.9-1ubuntu0.2+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm5",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm5",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm5",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm5",
            "binary_name": "redis-tools"
        }
    ]
}

Ubuntu:Pro:20.04:LTS

redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis@5:5.0.7-2ubuntu0.1+esm3?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:5.*

5:5.0.5-2build1

5:5.0.6-1

5:5.0.7-1

5:5.0.7-2

5:5.0.7-2ubuntu0.1~esm1

5:5.0.7-2ubuntu0.1

5:5.0.7-2ubuntu0.1+esm1

5:5.0.7-2ubuntu0.1+esm2

5:5.0.7-2ubuntu0.1+esm3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm3",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm3",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm3",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm3",
            "binary_name": "redis-tools"
        }
    ]
}