EUVD-2025-33202CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Analysis
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow and potentially lead to remote code execution The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.
Technical ContextAI
An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).
RemediationAI
A vendor patch is available — apply it immediately. Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.
More from same product – last 7 days
Heap buffer overflow in the Netatalk cnid_metad daemon's comm_rcv() function allows remote attackers with low-level priv
Stack-based buffer overflow in Netatalk versions 2.0.4 through 4.4.2 allows authenticated remote attackers to corrupt me
SQL injection in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to compromise the MySQL-backed CNID
Arbitrary file read in Netatalk 3.0.2 through 4.4.2 allows authenticated remote attackers to create attacker-controlled
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Vendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| noble | DNE | - |
| upstream | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| upstream | needs-triage | - |
| noble | released | 7.2.11+dfsg1-0ubuntu0.2 |
| plucky | released | 8.0.6+dfsg1-0ubuntu0.2 |
| questing | released | 8.1.4+dfsg1-0ubuntu0.2 |
| Release | Status | Version |
|---|---|---|
| bionic | not-affected | uses system lua |
| focal | not-affected | uses system lua |
| jammy | not-affected | uses system lua |
| noble | not-affected | uses system lua |
| plucky | not-affected | uses system lua |
| trusty | not-affected | uses system lua |
| upstream | released | 8.2.2 |
| xenial | not-affected | uses system lua |
| questing | not-affected | uses system lua |
Debian
Bug #1117690| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| forky, sid | fixed | 7.3.6+ds-1 | - |
| (unstable) | fixed | 7.3.6+ds-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 5:6.0.16-1+deb11u8 | - |
| bullseye (security) | fixed | 5:6.0.16-1+deb11u8 | - |
| bookworm, bookworm (security) | fixed | 5:7.0.15-1~deb12u6 | - |
| trixie (security), trixie | fixed | 5:8.0.2-3+deb13u1 | - |
| forky, sid | fixed | 5:8.0.5-1 | - |
| bookworm | fixed | 5:7.0.15-1~deb12u6 | - |
| trixie | fixed | 5:8.0.2-3+deb13u1 | - |
| (unstable) | fixed | 5:8.0.4-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| trixie (security), trixie | fixed | 8.1.1+dfsg1-3+deb13u1 | - |
| forky, sid | fixed | 8.1.4+dfsg1-1 | - |
| trixie | fixed | 8.1.1+dfsg1-3+deb13u1 | - |
| (unstable) | fixed | 8.1.4+dfsg1-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today