{"id":"CVE-2025-49844","summary":"Redis Lua Use-After-Free may lead to remote code execution","details":"Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.","aliases":["BIT-keydb-2025-49844","BIT-redis-2025-49844","BIT-valkey-2025-49844","GHSA-4789-qfc9-5f9q"],"modified":"2026-04-02T12:51:58.493580Z","published":"2025-10-03T19:27:23.609Z","related":["ALSA-2025:19237","ALSA-2025:19238","ALSA-2025:19345","ALSA-2025:19675","ALSA-2025:20926","ALSA-2025:20955","ALSA-2025:21916","ALSA-2025:21936","CGA-43c5-9mmq-6v7h","MGASA-2025-0307","SUSE-SU-2025:03499-1","SUSE-SU-2025:03500-1","SUSE-SU-2025:03501-1","SUSE-SU-2025:03502-1","SUSE-SU-2025:03505-1","SUSE-SU-2025:03506-1","SUSE-SU-2025:03507-1","SUSE-SU-2026:20022-1","openSUSE-SU-2025:15600-1","openSUSE-SU-2025:15604-1","openSUSE-SU-2025:20121-1","openSUSE-SU-2026:20003-1"],"database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49844.json","cwe_ids":["CWE-416"]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/10/07/2"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.2.2"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/49xxx/CVE-2025-49844.json"},{"type":"ADVISORY","url":"https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49844"},{"type":"FIX","url":"https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539"},{"type":"EVIDENCE","url":"https://github.com/lastvocher/redis-CVE-2025-49844"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redis/redis","events":[{"introduced":"e91a340e241cf0abe3c6a0c254214fbe4aa1d95f"},{"fixed":"9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1"}]}],"versions":["8.0.0","8.0.1","8.0.1-int","8.0.2","8.0.3","8.0.4","8.0.5","8.0.6"],"database_specific":{"vanir_signatures":[{"digest":{"length":564,"function_hash":"231823367469822555940742382288933873230"},"deprecated":false,"signature_version":"v1","target":{"file":"src/defrag.c","function":"defragStream"},"id":"CVE-2025-49844-1bff8e25","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Function"},{"digest":{"length":274,"function_hash":"288446850232562980440863683026214219231"},"deprecated":false,"signature_version":"v1","target":{"file":"src/defrag.c","function":"defragStreamConsumerGroup"},"id":"CVE-2025-49844-2f43472c","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Function"},{"digest":{"length":316,"function_hash":"269273620982420028349368441170132491277"},"deprecated":false,"signature_version":"v1","target":{"file":"src/defrag.c","function":"defragStreamConsumerPendingEntry"},"id":"CVE-2025-49844-77eb7a7a","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Function"},{"digest":{"length":1028,"function_hash":"278644848284550820802314798222846137842"},"deprecated":false,"signature_version":"v1","target":{"file":"src/ebuckets.c","function":"ebDefragRaxBucket"},"id":"CVE-2025-49844-90636aee","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["138051693839747285096021458702403893111","217792725282971082265874066493719589089","314104092114484613540366304337620153799","289838893004834880788220210160086127357","261640981466269970594854736063516974006","310366546339259136490471016273997718966","32133616761046458240624936400794999717","99379125398230922191097416962833631765","141940563608976522218604452044168104567","11220539234012554404348468137403013259","232481408480410736814504528475544114533","51866787026042368566811775065054533143","63433160957720909299274972010261027892","294256383012553041837446580576855146212","89382824653771948252974872163098475979","125843216691037721002607267089725657746","134688872856233222990888740724026394481","48326925826003410695033980425698456909","67996540693667022215470987524713099413","136018837045987266595679134463638862968","333375019022085398980596780008619891568","29915176327139359699601310212482016515","78998988978891701179665002117073134153","17549832641806627852119609812055732197","42446296350911664275182979645220907226","138975645959192329129097852787418759626","149158348708285902087935202222825724476","142605691491218526884160292427755441470","11688604414306184430853572012154672997","148558868641076683043063174755617384651","21028590655927164121484625827791262156","46089719024847428095945812658394875858","132152125759967892984304802846013499407","252710555466710673955941017321669831749","239262572873833474405578058531672783359","66720547795711375935066349761282397334","228824034014002333793286778567671435553","140423370034328928159919286536412352374","34259259009794645587500028432093165186","32714089352387174407290605263289841726","142160850842147572350805881228483295868","232067484793209163755223773554912439711","294077731618297973044671231562754097105","216744741664175839129273154417262477100","995446791351321522154638928135859875","191256389506455193250670539930255527581","302732920957766076804960979292947649450","26025635131505467470119512320366390742"]},"deprecated":false,"signature_version":"v1","target":{"file":"src/defrag.c"},"id":"CVE-2025-49844-9771037c","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["244502848865928883332908724730119052311","141797934241402737746765354854429761657","121189225860232617002299124820059699861","325221416935840389820722274695630580016","303490719280172131208887830823944185073","43864785869962988976065089075595503762","53490938445701540411614375924248395921","23408075982072842741195268914820996812","320872889493649556307334100222506094780","244730142365431892013328866901959544225","170283847187515741955371454705299138105","235864933409515329941478345542925607458"]},"deprecated":false,"signature_version":"v1","target":{"file":"src/ebuckets.c"},"id":"CVE-2025-49844-b3bba80f","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Line"},{"digest":{"length":307,"function_hash":"43521981978878587750908260601344872279"},"deprecated":false,"signature_version":"v1","target":{"file":"src/defrag.c","function":"activeDefragAlloc"},"id":"CVE-2025-49844-c715e681","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Function"},{"digest":{"length":654,"function_hash":"307600606145985118090248030247413925373"},"deprecated":false,"signature_version":"v1","target":{"file":"src/defrag.c","function":"activeDefragHExpiresOB"},"id":"CVE-2025-49844-f6afd884","source":"https://github.com/redis/redis/commit/9829bdbfd9e7eeb8fb6c79ce36bcc77a681824b1","signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49844.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/valkey-io/valkey","events":[{"introduced":"67c8683792fc9ab7e295f833478eca180c5e4691"},{"fixed":"5f4bae3ea10174a7c872cc099c953b0e91afa93a"}],"database_specific":{"versions":[{"introduced":"8.1.0"},{"fixed":"8.1.4"}]}}],"versions":["8.1.0","8.1.1","8.1.2","8.1.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-49844.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}