EUVD-2025-33200CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
4DescriptionNVD
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
Analysis
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.
Technical ContextAI
An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).
RemediationAI
A vendor patch is available — apply it immediately. Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH
pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin
Vendor StatusVendor
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| noble | DNE | - |
| upstream | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
| Release | Status | Version |
|---|---|---|
| jammy | DNE | - |
| upstream | needs-triage | - |
| noble | released | 7.2.11+dfsg1-0ubuntu0.2 |
| plucky | released | 8.0.6+dfsg1-0ubuntu0.2 |
| questing | released | 8.1.4+dfsg1-0ubuntu0.2 |
| Release | Status | Version |
|---|---|---|
| bionic | needed | - |
| focal | needed | - |
| jammy | needed | - |
| noble | needed | - |
| trusty | needed | - |
| upstream | released | 8.2.2 |
| xenial | needed | - |
| plucky | ignored | end of life, was needed |
| questing | needed | - |
Debian
Bug #1117690| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| forky, sid | fixed | 7.3.6+ds-1 | - |
| (unstable) | fixed | 7.3.6+ds-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 5:6.0.16-1+deb11u8 | - |
| bullseye (security) | fixed | 5:6.0.16-1+deb11u8 | - |
| bookworm, bookworm (security) | fixed | 5:7.0.15-1~deb12u6 | - |
| trixie (security), trixie | fixed | 5:8.0.2-3+deb13u1 | - |
| forky, sid | fixed | 5:8.0.5-1 | - |
| bookworm | fixed | 5:7.0.15-1~deb12u6 | - |
| trixie | fixed | 5:8.0.2-3+deb13u1 | - |
| (unstable) | fixed | 5:8.0.4-1 | - |
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| trixie (security), trixie | fixed | 8.1.1+dfsg1-3+deb13u1 | - |
| forky, sid | fixed | 8.1.4+dfsg1-1 | - |
| trixie | fixed | 8.1.1+dfsg1-3+deb13u1 | - |
| (unstable) | fixed | 8.1.4+dfsg1-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today