{"id":"UBUNTU-CVE-2025-46817","details":"Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to cause an integer overflow, potentially leading to remote code execution. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2.","modified":"2026-02-04T14:46:15.203581Z","published":"2025-10-03T18:15:00Z","related":["USN-7893-1"],"upstream":["CVE-2025-46817"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-46817"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2025-46817"},{"type":"REPORT","url":"https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp"},{"type":"REPORT","url":"https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca"},{"type":"REPORT","url":"https://github.com/valkey-io/valkey/commit/6dd003e88feace83e55491f32376f6927896e31e"},{"type":"REPORT","url":"https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca"},{"type":"REPORT","url":"https://github.com/redis/redis/releases/tag/8.2.2"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7893-1"}],"affected":[{"package":{"name":"valkey","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/valkey@7.2.11+dfsg1-0ubuntu0.2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.11+dfsg1-0ubuntu0.2"}]}],"versions":["7.2.5+dfsg1-2ubuntu4~24.04.1","7.2.7+dfsg1-0ubuntu0.24.04.1","7.2.8+dfsg1-0ubuntu0.24.04.1","7.2.8+dfsg1-0ubuntu0.24.04.2","7.2.8+dfsg1-0ubuntu0.24.04.3","7.2.10+dfsg1-0ubuntu0.1","7.2.11+dfsg1-0ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"valkey-redis-compat","binary_version":"7.2.11+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-sentinel","binary_version":"7.2.11+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-server","binary_version":"7.2.11+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-tools"
,"binary_version":"7.2.11+dfsg1-0ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46817.json"}},{"package":{"name":"redict","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/redict@7.3.5+ds-1ubuntu0.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.3.2+ds-1","7.3.5+ds-1","7.3.5+ds-1ubuntu0.1","7.3.5+ds-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_name":"redict","binary_version":"7.3.5+ds-1ubuntu0.2"},{"binary_name":"redict-sentinel","binary_version":"7.3.5+ds-1ubuntu0.2"},{"binary_name":"redict-server","binary_version":"7.3.5+ds-1ubuntu0.2"},{"binary_name":"redict-tools","binary_version":"7.3.5+ds-1ubuntu0.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46817.json"}},{"package":{"name":"valkey","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/valkey@8.1.4+dfsg1-0ubuntu0.2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.1.4+dfsg1-0ubuntu0.2"}]}],"versions":["8.0.2+dfsg1-1ubuntu1","8.1.1+dfsg1-2ubuntu1","8.1.3+dfsg1-0ubuntu1","8.1.3+dfsg1-0ubuntu2","8.1.4+dfsg1-0ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_name":"valkey-sentinel","binary_version":"8.1.4+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-server","binary_version":"8.1.4+dfsg1-0ubuntu0.2"},{"binary_name":"valkey-tools","binary_version":"8.1.4+dfsg1-0ubuntu0.2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-46817.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}