CNNVD-202510-438 Information
CNNVD ID
CNNVD-202510-438
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 8.2.1及之前版本存在输入验证错误漏洞,该漏洞源于特制LUA脚本可能导致越界数据读取或服务器崩溃,从而导致拒绝服务。
Description (English)
Redis is an open source for the United States of America, using ANSI C to develop, support networks, store databases based on memory and sustainable log type, key (Key-Value) and provide a multilingual API. Redis 8.2.1 and previous versions had input validation error holes, which stemmed from the fact that specially designed LUA scripts could lead to cross-border data reading or server collapse, leading to the denial of services.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
Redis
Published
2025-10-03
Last Modified
2026-02-24
References
https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f https://github.com/redis/redis/releases/tag/8.2.2 https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba https://vigilance.fr/vulnerability/Redis-four-vulnerabilities-dated-03-10-2025-48381