{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-46981", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-16T16:10:09.018Z", "datePublished": "2025-01-06T21:11:51.687Z", "dateUpdated": "2025-01-20T17:02:42.293Z"}, "containers": {"cna": {"title": "Redis' Lua library commands may lead to remote code execution", "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "lang": "en", "description": "CWE-416: Use After Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c"}, {"name": "https://github.com/redis/redis/releases/tag/6.2.17", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/6.2.17"}, {"name": "https://github.com/redis/redis/releases/tag/7.2.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.2.7"}, {"name": "https://github.com/redis/redis/releases/tag/7.4.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/redis/redis/releases/tag/7.4.2"}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"version": ">= 7.4.0, < 7.4.2", "status": "affected"}, {"version": ">= 7.2.0, < 7.2.7", "status": "affected"}, {"version": "< 6.2.17", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-06T21:11:51.687Z"}, "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}], "source": {"advisory": "GHSA-39h2-x6c4-6w4c", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-06T21:41:47.467485Z", "id": "CVE-2024-46981", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:42:29.135Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-20T17:02:42.293Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-01-20T17:02:42.293Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-46981", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-06T21:41:47.467485Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-06T21:41:58.543Z"}}], "cna": {"title": "Redis' Lua library commands may lead to remote code execution", "source": {"advisory": "GHSA-39h2-x6c4-6w4c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "redis", "product": "redis", "versions": [{"status": "affected", "version": ">= 7.4.0, < 7.4.2"}, {"status": "affected", "version": ">= 7.2.0, < 7.2.7"}, {"status": "affected", "version": "< 6.2.17"}]}], "references": [{"url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", "name": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/redis/redis/releases/tag/6.2.17", "name": "https://github.com/redis/redis/releases/tag/6.2.17", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/redis/redis/releases/tag/7.2.7", "name": "https://github.com/redis/redis/releases/tag/7.2.7", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/redis/redis/releases/tag/7.4.2", "name": "https://github.com/redis/redis/releases/tag/7.4.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-01-06T21:11:51.687Z"}}}, "cveMetadata": {"cveId": "CVE-2024-46981", "state": "PUBLISHED", "dateUpdated": "2025-01-20T17:02:42.293Z", "dateReserved": "2024-09-16T16:10:09.018Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-01-06T21:11:51.687Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}, {"lang": "es", "value": "Redis es una base de datos en memoria de c\u00f3digo abierto que persiste en el disco. Un usuario autenticado puede usar un script Lua especialmente manipulado para manipular el recolector de elementos no utilizados y potencialmente provocar la ejecuci\u00f3n remota de c\u00f3digo. El problema se solucion\u00f3 en 7.4.2, 7.2.7 y 6.2.17. Un workaround adicional para mitigar el problema sin aplicar un parche al ejecutable redis-server es evitar que los usuarios ejecuten scripts Lua. Esto se puede hacer usando ACL para restringir los comandos EVAL y EVALSHA."}], "id": "CVE-2024-46981", "lastModified": "2025-01-20T17:15:07.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-01-06T22:15:09.360", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/releases/tag/6.2.17"}, {"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/releases/tag/7.2.7"}, {"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/releases/tag/7.4.2"}, {"source": "security-advisories@github.com", "url": "https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:0595", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "redis:6-8100020250113083959.489197e6", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-22T00:00:00Z"}, {"advisory": "RHSA-2025:0685", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "redis:6-8040020250123095605.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0685", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "redis:6-8040020250123095605.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0685", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "redis:6-8040020250123095605.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0689", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "redis:6-8060020250122114132.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0689", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "redis:6-8060020250122114132.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0689", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "redis:6-8060020250122114132.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0640", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "redis:6-8080020250120175236.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-23T00:00:00Z"}, {"advisory": "RHSA-2025:0692", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "redis:7-9050020250115104757.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0693", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "redis-0:6.2.17-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-27T00:00:00Z"}, {"advisory": "RHSA-2025:0400", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "redis-0:6.2.6-1.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0398", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "redis-0:6.2.7-1.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0399", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "redis-0:6.2.7-1.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0566", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "redis:7-9040020250120173627.9", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-21T00:00:00Z"}], "bugzilla": {"description": "redis: Redis' Lua library commands may lead to remote code execution", "id": "2336004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2336004"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.", "A flaw was found in the Redis server. This flaw allows an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution."], "mitigation": {"lang": "en:us", "value": "A workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands."}, "name": "CVE-2024-46981", "package_state": [{"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-service-api-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Will not fix", "package_name": "ansible-tower", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/bootc-azure-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "rhelai1/instructlab-amd-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "io.hawt-hawtio-integration", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2025-01-06T21:11:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-46981\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-46981\nhttps://github.com/redis/redis/releases/tag/6.2.17\nhttps://github.com/redis/redis/releases/tag/7.2.7\nhttps://github.com/redis/redis/releases/tag/7.4.2\nhttps://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c"], "statement": "The problem exists in all versions of Redis with Lua scripting.\nThis vulnerability in Redis is classified as high severity rather than moderate due to its potential impact and exploitation scope. By manipulating the Lua garbage collector through crafted scripts, an authenticated attacker can achieve remote code execution (RCE), allowing them to execute arbitrary commands on the host system. This compromises not only the integrity and confidentiality of the data stored in Redis but also the underlying server itself. Furthermore, the exploitation does not require direct access to the server binary, making it feasible for attackers to execute through legitimate, albeit malicious, commands.", "threat_severity": "Important"}