Home > Vulnerability Database > CVE-2024-46981

Mend.io Vulnerability Database

CVE-2024-46981

Date: January 6, 2025

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.

Severity Score

7.0

Related Resources (11)

Url: https://www.vicarius.io/vsociety/posts/cve-2024-46981-mitigate-redis-vulnerability

Url: https://security.alpinelinux.org/vuln/CVE-2024-46981

Url: https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html

Url: https://www.vicarius.io/vsociety/posts/cve-2024-46981-detect-redis-vulnerability

Url: https://security-tracker.debian.org/tracker/CVE-2024-46981

Url: https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c

Url: https://github.com/redis/redis/releases/tag/7.4.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-46981

Url: https://github.com/redis/redis/releases/tag/6.2.17

Url: https://github.com/redis/redis/releases/tag/7.2.7

Url: https://www.mend.io/vulnerability-database/CVE-2024-46981

Severity Score

7.0

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-46981

Date: January 6, 2025

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?