rhsa-2025:19086
Vulnerability from csaf_redhat
Published
2025-10-23 20:28
Modified
2025-11-06 23:42
Summary
Red Hat Security Advisory: redis security update
Notes
Topic
An update for redis is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for redis is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.\n\nSecurity Fix(es):\n\n* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)\n\n* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:19086",
"url": "https://access.redhat.com/errata/RHSA-2025:19086"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2401258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401258"
},
{
"category": "external",
"summary": "2401324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401324"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_19086.json"
}
],
"title": "Red Hat Security Advisory: redis security update",
"tracking": {
"current_release_date": "2025-11-06T23:42:39+00:00",
"generator": {
"date": "2025-11-06T23:42:39+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.11"
}
},
"id": "RHSA-2025:19086",
"initial_release_date": "2025-10-23T20:28:12+00:00",
"revision_history": [
{
"date": "2025-10-23T20:28:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-23T20:28:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-06T23:42:39+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-0:6.2.7-1.el9_2.5.src",
"product": {
"name": "redis-0:6.2.7-1.el9_2.5.src",
"product_id": "redis-0:6.2.7-1.el9_2.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@6.2.7-1.el9_2.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-0:6.2.7-1.el9_2.5.aarch64",
"product": {
"name": "redis-0:6.2.7-1.el9_2.5.aarch64",
"product_id": "redis-0:6.2.7-1.el9_2.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@6.2.7-1.el9_2.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"product": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"product_id": "redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-devel@6.2.7-1.el9_2.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"product": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"product_id": "redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debugsource@6.2.7-1.el9_2.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"product": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"product_id": "redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debuginfo@6.2.7-1.el9_2.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-0:6.2.7-1.el9_2.5.ppc64le",
"product": {
"name": "redis-0:6.2.7-1.el9_2.5.ppc64le",
"product_id": "redis-0:6.2.7-1.el9_2.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@6.2.7-1.el9_2.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"product": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"product_id": "redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-devel@6.2.7-1.el9_2.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"product": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"product_id": "redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debugsource@6.2.7-1.el9_2.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"product": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"product_id": "redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debuginfo@6.2.7-1.el9_2.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-0:6.2.7-1.el9_2.5.x86_64",
"product": {
"name": "redis-0:6.2.7-1.el9_2.5.x86_64",
"product_id": "redis-0:6.2.7-1.el9_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@6.2.7-1.el9_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"product": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"product_id": "redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-devel@6.2.7-1.el9_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"product": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"product_id": "redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debugsource@6.2.7-1.el9_2.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"product": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"product_id": "redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debuginfo@6.2.7-1.el9_2.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-devel-0:6.2.7-1.el9_2.5.i686",
"product": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.i686",
"product_id": "redis-devel-0:6.2.7-1.el9_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-devel@6.2.7-1.el9_2.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"product": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"product_id": "redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debugsource@6.2.7-1.el9_2.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"product": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"product_id": "redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debuginfo@6.2.7-1.el9_2.5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-0:6.2.7-1.el9_2.5.s390x",
"product": {
"name": "redis-0:6.2.7-1.el9_2.5.s390x",
"product_id": "redis-0:6.2.7-1.el9_2.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis@6.2.7-1.el9_2.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "redis-devel-0:6.2.7-1.el9_2.5.s390x",
"product": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.s390x",
"product_id": "redis-devel-0:6.2.7-1.el9_2.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-devel@6.2.7-1.el9_2.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"product": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"product_id": "redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debugsource@6.2.7-1.el9_2.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"product": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"product_id": "redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-debuginfo@6.2.7-1.el9_2.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "redis-doc-0:6.2.7-1.el9_2.5.noarch",
"product": {
"name": "redis-doc-0:6.2.7-1.el9_2.5.noarch",
"product_id": "redis-doc-0:6.2.7-1.el9_2.5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redis-doc@6.2.7-1.el9_2.5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:6.2.7-1.el9_2.5.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64"
},
"product_reference": "redis-0:6.2.7-1.el9_2.5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:6.2.7-1.el9_2.5.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le"
},
"product_reference": "redis-0:6.2.7-1.el9_2.5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:6.2.7-1.el9_2.5.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x"
},
"product_reference": "redis-0:6.2.7-1.el9_2.5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:6.2.7-1.el9_2.5.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src"
},
"product_reference": "redis-0:6.2.7-1.el9_2.5.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-0:6.2.7-1.el9_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64"
},
"product_reference": "redis-0:6.2.7-1.el9_2.5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64"
},
"product_reference": "redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686"
},
"product_reference": "redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le"
},
"product_reference": "redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x"
},
"product_reference": "redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64"
},
"product_reference": "redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64"
},
"product_reference": "redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686"
},
"product_reference": "redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le"
},
"product_reference": "redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x"
},
"product_reference": "redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-debugsource-0:6.2.7-1.el9_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64"
},
"product_reference": "redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64"
},
"product_reference": "redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686"
},
"product_reference": "redis-devel-0:6.2.7-1.el9_2.5.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le"
},
"product_reference": "redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x"
},
"product_reference": "redis-devel-0:6.2.7-1.el9_2.5.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-devel-0:6.2.7-1.el9_2.5.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64"
},
"product_reference": "redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redis-doc-0:6.2.7-1.el9_2.5.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
},
"product_reference": "redis-doc-0:6.2.7-1.el9_2.5.noarch",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-46817",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-10-03T18:01:40.095653+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401258"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow in the Redis Lua scripting engine allows an authenticated client to submit a specially crafted Lua script (for example via EVAL/EVALSHA) that can trigger memory corruption and potentially lead to remote code execution within the Redis server process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "redis: Lua library commands may lead to integer overflow and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is classified as Moderate because exploitation requires an authenticated client with permission to execute Lua scripts (for example via EVAL/EVALSHA) rather than an unauthenticated network attacker, narrowing the exposure to already trusted principals or compromised application identities. The flaw is an integer overflow in Lua script handling that can corrupt memory, but reliable code execution is non-trivial and there are no public proofs of concept or known in-the-wild exploits as of the initial advisories, which lowers immediate operational risk despite the theoretical impact. Practically, triggering a controlled overflow through the embedded Lua runtime adds exploit complexity, as the attacker must shape arithmetic and memory behavior inside Redis\u2019s scripting environment to gain control flow, increasing the likelihood of crashes over deterministic RCE in typical configurations. Even in a worst case, the effect is within the Redis server process context rather than a guaranteed system-wide compromise, further reducing systemic blast radius if the service is not over-privileged.\n\nThis flaw exists only in the Redis server implementation; \n\nRedis client libraries (Python, Node.js, Rust, etc.) are not affected by this vulnerability, and it only exists in the Redis server\u2019s embedded Lua engine where scripts execute. Client libraries merely transmit EVAL/EVALSHA to the server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46817"
},
{
"category": "external",
"summary": "RHBZ#2401258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46817"
},
{
"category": "external",
"summary": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca",
"url": "https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca"
},
{
"category": "external",
"summary": "https://github.com/redis/redis/releases/tag/8.2.2",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"category": "external",
"summary": "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp",
"url": "https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp"
}
],
"release_date": "2025-10-03T17:52:48.478000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-23T20:28:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19086"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\n\nTo reduce the risk, it can be beneficial to restrict network access to trusted hosts, enforce strong authentication and protected-mode, disable or limit Lua scripting where possible, apply least-privilege ACLs to reduce who can run scripting commands, keep instances non-public with firewalls/VPCs, and follow Redis hardening guidance to minimize exposure.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "redis: Lua library commands may lead to integer overflow and potential RCE"
},
{
"cve": "CVE-2025-49844",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-10-03T20:01:14.375087+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401324"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution (RCE) within the Redis process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Redis: Redis Lua Use-After-Free may lead to remote code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability should be rated Important rather than Moderate because it introduces a memory-safety defect in Redis\u2019s Lua subsystem that can be weaponized for remote code execution (RCE). An authenticated actor with permission to run Lua can craft scripts that trigger a use-after-free in the parser/stack-management code, giving precise control over freed memory and enabling arbitrary code execution inside the redis-server process. That risk is fundamentally different from a typical moderate issue (e.g., a crash or limited denial-of-service): successful exploitation directly compromises the server runtime and all in-memory contents\u2014cached data, session tokens, and application state\u2014rather than merely disrupting service. Because Redis commonly runs with elevated privileges and is a trusted core component in application architectures, an RCE in the server process undermines confidentiality, integrity, and availability across dependent services. Authenticated attackability, trivial exploitation via standard commands (EVAL/EVALSHA), and the potential for full-process compromise elevate CVE-2025-49844 to Important severity.\n\nThis flaw exists only in the Redis server implementation; \n\nRedis client libraries (Python, Node.js, Rust, etc.) are not affected by this vulnerability, and it only exists in the Redis server\u2019s embedded Lua engine where scripts execute. Client libraries merely transmit EVAL/EVALSHA to the server.\n\n\nRed Hat Satellite does not ship the Redis server, and the Redis client libraries it includes (such as python-redis, python-aioredis and rubygem-redis) are not impacted by this vulnerability. While Satellite consumes the Redis package from the underlying RHEL system, which is affected, the Redis service in Satellite is bound only to the local interface and is accessible solely by internal components like Pulp and Dynflow.\nSince the vulnerability requires sending crafted Lua payloads to the Redis command interface, and no external or untrusted clients can connect, the effective exposure within Satellite is nullified.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49844"
},
{
"category": "external",
"summary": "RHBZ#2401324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49844",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49844"
},
{
"category": "external",
"summary": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539",
"url": "https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"
},
{
"category": "external",
"summary": "https://github.com/redis/redis/releases/tag/8.2.2",
"url": "https://github.com/redis/redis/releases/tag/8.2.2"
},
{
"category": "external",
"summary": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q",
"url": "https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"
},
{
"category": "external",
"summary": "https://redis.io/blog/security-advisory-cve-2025-49844/",
"url": "https://redis.io/blog/security-advisory-cve-2025-49844/"
}
],
"release_date": "2025-10-03T19:27:23.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-23T20:28:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:19086"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\n\nTo reduce the risk, restrict network access to trusted hosts, enforce strong authentication and protected-mode, disable or limit Lua scripting where possible, apply least-privilege ACLs to reduce who can run scripting commands, keep instances non-public with firewalls/VPCs, and follow Redis hardening guidance to minimize exposure.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.src",
"AppStream-9.2.0.Z.E4S:redis-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debuginfo-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-debugsource-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.aarch64",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.i686",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.ppc64le",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.s390x",
"AppStream-9.2.0.Z.E4S:redis-devel-0:6.2.7-1.el9_2.5.x86_64",
"AppStream-9.2.0.Z.E4S:redis-doc-0:6.2.7-1.el9_2.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Redis: Redis Lua Use-After-Free may lead to remote code execution"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.