CVERadar

CVE-2024-46981

Severity: High
SVRS: 46/100
CVSSv3: 7.0/10
EPSS: 0.79776/1

CVE-2024-46981 is a high-severity vulnerability in Redis (CVSS 3.1 base score 7.0) that can lead to remote code execution. An authenticated user can submit a specially crafted Lua script that manipulates the Lua garbage collector, producing a use-after-free (CWE-416) inside the redis-server process. With an SVRS score of 46 it is not flagged as immediately critical, but it should be addressed promptly wherever any Redis principal is allowed to run Lua scripts, and in particular on instances that accept connections without a password, where every client is effectively an authenticated user. The fix is available in Redis 7.4.2, 7.2.7 and 6.2.17. Where patching is not yet possible, the vendor's workaround is to restrict the EVAL and EVALSHA commands with ACLs. Left unaddressed, the flaw allows code execution as the Redis service account, compromising the confidentiality, integrity and availability of the data Redis holds and giving an attacker a foothold on the host. The broader point is that a server-side scripting engine is part of the attack surface: any principal allowed to run scripts is implicitly trusted with the engine's bugs.

In The Wild
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2025-03-19

2025-01-06
SOCRadar AI Insight

Description

CVE-2024-46981 is a vulnerability in Redis, an open-source, in-memory database. An authenticated user can supply a specially crafted Lua script that manipulates the Lua garbage collector so that memory is used after it has been freed (CWE-416), which can be turned into arbitrary code execution inside the redis-server process. The vulnerability is rated high severity because of that remote code execution outcome. Note that the CVSS 3.1 vector shown above scores Attack Vector as Local (AV:L), whereas the ZDI advisory listed under News rates the same issue 7.2 as a remote, authenticated attack; operationally, any client that can reach the port and pass authentication can send the script.

SVRS: 46 indicates the vulnerability is significant but not immediately critical. While it doesn't reach the critical threshold of 80, it still demands attention and proactive action to mitigate the risks.

Key Insights

  • Authenticated Exploitation: Exploitation requires an authenticated session, so an attacker needs valid credentials for the Redis server. On an instance with no password configured, every connecting client is already the default user, so that barrier does not exist; the social media posts below report tens of thousands of password-less Redis hosts reachable from the internet.
  • Lua Script Manipulation: The attacker's script is the trigger, but the bug lives in Redis's embedded Lua engine rather than in any particular script, so "validating" script contents is not a meaningful control. What matters is which principals are allowed to run EVAL and EVALSHA at all, and whether application code is the only source of scripts that reach the server.
  • Potential for Remote Code Execution: The most severe consequence of this vulnerability is the possibility of remote code execution. This means an attacker could gain control of the compromised server and potentially access sensitive data or launch further attacks.
  • Workaround Available: While patching is the ideal solution, the provided workaround of disabling Lua script execution through ACLs can serve as an immediate mitigation step to reduce the risk.

Mitigation Strategies

  • Patching: Upgrade Redis to version 7.4.2, 7.2.7, or 6.2.17 to implement the official fix for this vulnerability.
  • ACLs: Restrict the EVAL and EVALSHA commands through Access Control Lists (ACLs) so that only principals which genuinely need server-side scripting can run it. In Redis ACL terms both commands belong to the @scripting category (together with FCALL, FUNCTION and SCRIPT), so removing that category from application users covers them in one rule. Review the default user as well: an unrestricted, password-less default user makes the authentication requirement meaningless.
  • Script Provenance: Input validation does not mitigate this bug, because the script itself is the attack. Make application code the only source of Lua scripts (load fixed scripts and invoke them by SHA) and never assemble a script body from user-supplied input, so that untrusted parties cannot supply the trigger.
  • Network Segmentation: Isolate Redis servers from other critical systems to minimize the potential damage if a server is compromised.
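The following is an added example, not code from Redis, Ubuntu or SOCRadar, that turns the two checks behind the insights and mitigations above (is the build older than the fix for its branch, and which ACL users can still reach EVAL/EVALSHA, including password-less ones) into an offline triage script. It works on text captured with redis-cli (`INFO server` and `ACL LIST`), so it never connects to a server; the sample captures embedded at the bottom are constructed. Assumptions are marked in the code: branches the advisory does not name (6.0.x, 7.0.x) are treated as unfixed, the version mapping is for upstream Redis numbering only (not Valkey or other forks), and the ACL evaluator handles command and category grants but does not parse selectors, subcommand rules or key patterns.

```python
"""Offline triage for CVE-2024-46981 on captured redis-cli output.

Added example; not code from Redis, Ubuntu or SOCRadar. Inputs are the text of
`INFO server` and `ACL LIST`, so nothing here opens a connection.
"""
import re

# First fixed patch release on each branch, per the Redis advisory.
FIXED_PATCH = {(6, 2): 17, (7, 2): 7, (7, 4): 2}

# ACL categories that contain EVAL and EVALSHA (both are @slow and @scripting).
CATEGORIES_WITH_EVAL = {"all", "slow", "scripting"}
SCRIPT_COMMANDS = ("eval", "evalsha")


def parse_version(text):
    """'7.2.5' -> (7, 2, 5); tolerates suffixes such as '7.2.5-rc1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(n) for n in m.groups())


def is_vulnerable(version):
    """True when an upstream Redis redis_version predates the fix for its branch.

    Assumption: branches the advisory does not name (6.0.x, 7.0.x) never got a
    fix, so any release below 7.4.2 outside the fixed branches is treated as
    vulnerable, and anything newer than 7.4.2 as fixed. Fork numbering (Valkey,
    KeyDB) is not mapped here.
    """
    major, minor, patch = parse_version(version)
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    return (major, minor, patch) < (7, 4, 2)


def version_from_info(info_text):
    """Extract redis_version from `INFO server` output."""
    m = re.search(r"^redis_version:(\S+)", info_text, re.M)
    return m.group(1) if m else None


def scripting_access(acl_line):
    """Evaluate one `ACL LIST` line: can this user invoke EVAL or EVALSHA?

    Rules are applied left to right as Redis does, for +@cat/-@cat, +cmd/-cmd
    and the allcommands/nocommands aliases. Simplification: selectors in
    parentheses are not parsed separately (grants inside them count as if
    top-level, which errs toward flagging), and key/channel patterns are ignored.
    """
    tokens = acl_line.split()
    if len(tokens) < 2 or tokens[0] != "user":
        raise ValueError(f"not an ACL LIST line: {acl_line!r}")
    rules = tokens[2:]
    allowed = dict.fromkeys(SCRIPT_COMMANDS, False)
    for tok in rules:
        tok = {"allcommands": "+@all", "nocommands": "-@all"}.get(tok, tok)
        if tok[0] not in "+-":
            continue  # flags, password hashes, key and channel patterns
        grant, target = tok[0] == "+", tok[1:].lower()
        if target.startswith("@"):
            if target[1:] in CATEGORIES_WITH_EVAL:
                allowed = dict.fromkeys(SCRIPT_COMMANDS, grant)
        elif target.split("|", 1)[0] in allowed:
            allowed[target.split("|", 1)[0]] = grant
    return {
        "user": tokens[1],
        "enabled": "on" in rules,
        "nopass": "nopass" in rules,
        "can_script": any(allowed.values()),
    }


def audit(info_text, acl_list_text):
    """Combine both captures into one triage verdict for an instance."""
    version = version_from_info(info_text)
    users = [scripting_access(l) for l in acl_list_text.splitlines() if l.strip()]
    exposed = [u for u in users if u["enabled"] and u["can_script"]]
    return {
        "version": version,
        "vulnerable_build": is_vulnerable(version) if version else None,
        "scripting_users": [u["user"] for u in exposed],
        # A password-less user with scripting rights means "authenticated" is no
        # barrier: any client that can reach the port can send the script.
        "nopass_scripting_users": [u["user"] for u in exposed if u["nopass"]],
    }


# Constructed sample captures (not real hosts). The default user is password-less
# and unrestricted, 'app' was granted +eval explicitly, 'ops' had scripting removed.
SAMPLE_INFO = "# Server\r\nredis_version:7.2.5\r\nredis_mode:standalone\r\n"
SAMPLE_ACL = """\
user default on nopass sanitize-payload ~* &* +@all
user app on #{h} ~cache:* resetchannels -@all +get +set +eval
user readonly on #{h} ~* resetchannels -@all +@read
user ops on #{h} ~* &* +@all -@scripting
user legacy off #{h} ~* &* +@all
""".format(h="0" * 64)

if __name__ == "__main__":
    print(audit(SAMPLE_INFO, SAMPLE_ACL))
```

Run it with python3 to see the verdict for the constructed sample; on a real host, replace the samples with the output of `redis-cli INFO server` and `redis-cli ACL LIST`. The @slow category is checked alongside @scripting because EVAL and EVALSHA belong to both, so a rule such as `+@slow` grants them even when @scripting was never mentioned.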


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE in the SOCRadar feed. Note, however, that the social media posts below report a public proof of concept on GitHub (stated to work against Redis 7.2.5) and a later exploit claimed to work across Redis 6.x and 7.x, so the absence of an entry here should not be read as the absence of exploit code.


News

USN-7359-1: Valkey vulnerabilities
ubuntu.com, 2025-03-20
It was discovered that Valkey did not properly handle memory cleanup. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-46981) It was discovered that Valkey did not properly handle resource access permissions. An authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-51741)

USN-7321-1: Redis vulnerabilities
ubuntu.com, 2025-03-05
It was discovered that Redis incorrectly handled certain memory operations during pattern matching. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-31228) It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-46981) It was discovered that Redis incorrectly handled some malformed ACL selectors. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.10 and Ubuntu 24.04 LTS

ZDI-25-010: Redis Stack Lua Use-After-Free Remote Code Execution Vulnerability
2025-03-01
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Redis Stack. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-46981.

Daily summary (Tageszusammenfassung) - 10.01.2025
cert.at, 2025-03-01
End-of-Day report. Timeframe: Thursday 09-01-2025 18:00 - Friday 10-01-2025 18:00. Handler: Alexander Riepl. Co-Handler: n/a. News: Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware. In-the-wild attacks tamper with built-in security tool to suppress infection warnings. https://arstechnica.com/security/2025/01/ivanti-vpn-users-are-getting-hacked-by-actors-exploiting-a-critical-vulnerability/ Stealthy Credit Card Skimmer Targets WordPress Checkout

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January] - The Hacker News
google.com, 2025-01-13
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead of the threats. ⚡ Threat of the Week: Critical Ivanti Flaw Comes Under Exploitation

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
allhackernews.com, Ajit Jasrotia, 2025-01-13
The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay […] The post ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January

Social Media

Redis 6.x and 7.x, and their forks, are vulnerable to CVE-2024-46981. There is a PoC available on GitHub but it only works for v7.2.5. It is hard to adapt to v6.2 as the JOP chain used in the PoC does not exist in other versions.

After finding a new JOP chain and resolving ELF parsing problems, we made a CVE-2024-46981 exploit that works for all Redis 6.x and 7.x. The exploit is now available at https://t.co/3vPwVIenWW. Right now, there are ~45K Redis hosts without password that can be RCE’d.

5️⃣ Critical #Redis Threat: Versions before 7.4.2, 7.2.7, and 6.2.17 let authenticated users execute remote code via crafted Lua scripts. Upgrade to safeguard your deployments (Reference: CVE-2024-46981).

#Vulnerability #CVE202446981 CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks https://t.co/aG6B3yy04H

CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to #DoS and #RCE Risks. Protect your #Redis database from vulnerabilities. Learn about the risks of CVE-2024-51741 and CVE-2024-46981 and how to mitigate them https://t.co/KrHJZPFOrl

🗣 CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks https://t.co/mq4uhaBjqq

CVE-2024-46981 Remote Code Execution in Redis via Crafting Lua Scripts. Redis is an open-source database that stores data in-memory and saves it on disk. Authenticated users might use a crafted Lua script to contr... https://t.co/ZtrDaOUiy3

CVE-2024-46981 Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector an… https://t.co/LefLhC3fF9

Affected Software

No affected software found for this CVE in the SOCRadar feed. The vendor advisory referenced below identifies Redis releases before 6.2.17, 7.2.7 and 7.4.2 as affected, and Ubuntu's USN-7359-1 (under News) applies the same CVE to Valkey.

References

https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c
https://github.com/redis/redis/releases/tag/6.2.17
https://github.com/redis/redis/releases/tag/7.2.7
https://github.com/redis/redis/releases/tag/7.4.2
https://lists.debian.org/debian-lts-announce/2025/01/msg00018.html

CWE Details

CWE-416 (Use After Free): Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
