FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis,valkey -- Remote code execution valnerability

Affected packages
redis < 7.4.2
redis72 < 7.2.7
redis62 < 6.2.17
valkey < 8.0.2

Details

VuXML ID 5f19ac58-cc90-11ef-abed-08002784c58d
Discovery 2025-01-06
Entry 2025-01-10

Redis core team reports:

An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting.

[source]

References

CVE Name CVE-2024-46981
URL https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.