CNNVD-202510-401 Information
CNNVD ID
CNNVD-202510-401
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 8.2.1及之前版本存在资源管理错误漏洞,该漏洞源于特制Lua脚本可操纵垃圾收集器,触发释放后重用,可能导致远程代码执行。
Description (English)
Redis is an open-source key-value store from Redis (United States), written in ANSI C, that supports networking, can run in memory or with persistence, uses log-style storage, and provides APIs for multiple languages. Redis 8.2.1 and earlier versions contain a resource management error vulnerability: a specially crafted Lua script can manipulate the garbage collector and trigger a use-after-free, which may lead to remote code execution.
Hazard Level
Low
Vulnerability Type
Resource management error
Published
2025-10-03
Last Modified
2026-02-24
References
https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539
https://github.com/redis/redis/releases/tag/8.2.2
https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q
https://www.oracle.com/security-alerts/cpujan2026.html
https://vigilance.fr/vulnerability/Redis-four-vulnerabilities-dated-03-10-2025-48381