CVE-2015-4335
redis: Lua sandbox escape and arbitrary code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision: -
Descriptions
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system. All users of redis are advised to upgrade to these updated packages, which correct this issue.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2015-06-05 CVE Reserved
- 2015-06-09 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-17: DEPRECATED: Code
CAPEC
References (15)
URL | Tag | Source
---|---|---
http://www.openwall.com/lists/oss-security/2015/06/04/12 | Mailing List |
http://www.openwall.com/lists/oss-security/2015/06/04/8 | Mailing List |
http://www.openwall.com/lists/oss-security/2015/06/05/3 | Mailing List |
http://www.securityfocus.com/bid/75034 | Third Party Advisory |
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411 | Third Party Advisory |
https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ | X_refsource_confirm |

URL | Date | SRC
---|---|---
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redislabs | Redis | <= 2.8.20 | - | Affected
Redislabs | Redis | 3.0.0 | - | Affected
Redislabs | Redis | 3.0.1 | - | Affected
Debian | Debian Linux | 8.0 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected