Main Vulnerability Database Vulnerabilities #VU102383

Use-after-free in Redis - CVE-2024-46981

Published: January 6, 2025 / Updated: March 21, 2025

Vulnerability identifier: #VU102383

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2024-46981

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Redis Labs

Affected software:
Redis

Detailed vulnerability description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling Lua script commands. A remote user can pass a specially crafted Lua script to the application and execute arbitrary code on the system..

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

How to mitigate CVE-2024-46981

Install updates from vendor's website.

Sources

https://github.com/redis/redis/security/advisories/GHSA-39h2-x6c4-6w4c

Use-after-free in Redis - CVE-2024-46981

Detailed vulnerability description

How to mitigate CVE-2024-46981

Sources

Please verify you're human