CVE-2024-46981
Redis' Lua library commands may lead to remote code execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Redis es una base de datos en memoria de código abierto que persiste en el disco. Un usuario autenticado puede usar un script Lua especialmente manipulado para manipular el recolector de elementos no utilizados y potencialmente provocar la ejecución remota de código. El problema se solucionó en 7.4.2, 7.2.7 y 6.2.17. Un workaround adicional para mitigar el problema sin aplicar un parche al ejecutable redis-server es evitar que los usuarios ejecuten scripts Lua. Esto se puede hacer usando ACL para restringir los comandos EVAL y EVALSHA.
A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability.
The specific flaw exists within the Lua module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the service account.
An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-09-16 CVE Reserved
- 2025-01-06 CVE Published
- 2025-01-07 EPSS Updated
- 2025-01-20 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/redis/redis/releases/tag/6.2.17 | X_refsource_misc | |
| https://github.com/redis/redis/releases/tag/7.2.7 | X_refsource_misc | |
| https://github.com/redis/redis/releases/tag/7.4.2 | X_refsource_misc | |
| https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-46981 | 2025-01-27 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2336004 | 2025-01-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 7.4.0 < 7.4.2 Search vendor "Redis" for product "Redis" and version " >= 7.4.0 < 7.4.2" | en |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | >= 7.2.0 < 7.2.7 Search vendor "Redis" for product "Redis" and version " >= 7.2.0 < 7.2.7" | en |
Affected
| ||||||
| Redis Search vendor "Redis" | Redis Search vendor "Redis" for product "Redis" | < 6.2.17 Search vendor "Redis" for product "Redis" and version " < 6.2.17" | en |
Affected
| ||||||