CNNVD-202510-449 Information
CNNVD ID
CNNVD-202510-449
Related CVE
- CNNVD Published: 2025-10-03
Description (Chinese)
Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 8.2.1及之前版本存在输入验证错误漏洞,该漏洞源于特制Lua脚本可能导致整数溢出,从而引发远程代码执行。
Description (English)
Redis is an open source for the United States of America, using ANSI C to develop, support networks, store databases based on memory and sustainable log type, key (Key-Value) and provide a multilingual API. Redis 8.2.1 and previous versions had input validation error holes, which stemmed from the fact that a specially made Lua script could result in an integer spill, thus triggering remote code execution.
Hazard Level
Low
Vulnerability Type
输入验证错误
Affected Vendor
Redis
Published
2025-10-03
Last Modified
2026-02-24
References
https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp https://github.com/redis/redis/releases/tag/8.2.2 https://vigilance.fr/vulnerability/Redis-four-vulnerabilities-dated-03-10-2025-48381