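Related vulnerability
Title: Redis Input Validation Error Vulnerability (CVE-2025-46817)
Description: Redis is an open-source, network-capable, log-structured key-value database developed by the US company Redis. It is written in ANSI C, can run in memory or persist to disk, and provides APIs for many languages. Redis 8.2.1 and earlier contain an input validation error vulnerability: a specially crafted Lua script can cause an integer overflow, which can lead to remote code execution.
Description
CVE-2025-46817 – Redis Lua unpack Integer Overflow (Potential RCE)
Introduction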
# CVE-2025-46817 – Redis Lua `unpack` Integer Overflow (Potential RCE)
Redis Lua `unpack` integer overflow PoC causing stack blow-up and crash on 8.2.1.
## Overview
Redis 8.2.1 ships Lua 5.1 with an `unpack` implementation that computes the result count using signed integers. Carefully chosen start/end indices wrap the arithmetic, bypass `lua_checkstack`, and force Lua to push billions of results. Combined with table index wrapping, this can corrupt heap memory and lead to RCE.
## Environment
- Redis server 8.2.1 (or any vulnerable release before 8.2.2)
- `redis-cli`
- Local network access to the Redis instance
## Files
- [`CVE-2025-46817.lua`](/CVE-2025-46817.lua) – calls `unpack` with a range that overflows signed arithmetic.
## Usage
```bash
redis-cli -h localhost -p 6379 --eval CVE-2025-46817.lua
```
**Expected result:**
On 8.2.1 the server typically terminates the connection or crashes from excessive stack growth. Redis 8.2.2 (commit [fc9abc775e308374f667fdf3e723ef4b7eb0e3ca](https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca)) rejects the call with "ERR Error running script (too many results to unpack)".
## Mitigation
Upgrade to Redis 8.2.2 or later, which hardens `luaB_unpack` and `luaH_getnum`, or disable Lua scripting for untrusted users.
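Both mitigations can be checked from captured `redis-cli` output. The script below is an added example, not part of the original README or of Redis: the sample `INFO server` and `ACL LIST` text is constructed, the function names are hypothetical, and the version test uses only the 8.2.2 threshold stated on this page. The ACL parsing is a simplified left-to-right reading of rules that relies on Redis's `@scripting` command category.

```bash
# Added example. Live input: `redis-cli INFO server` and `redis-cli ACL LIST`.
FIXED_VERSION="8.2.2"   # first fixed release named on this page

# Constructed sample input (not captured from a real server).
sample_info() { printf '# Server\r\nredis_version:8.2.1\r\nredis_mode:standalone\r\n'; }
sample_acl() {
  cat <<'EOF'
user default on nopass sanitize-payload ~* &* +@all
user app on #<constructed-hash> ~app:* resetchannels -@all +@read +@write
user reports on #<constructed-hash> ~* resetchannels +@all -@scripting
user legacy off nopass ~* &* +@all
EOF
}

# Print the x.y.z version found in INFO output on stdin.
redis_version_from_info() {
  tr -d '\r' | sed -n 's/^redis_version://p' | head -n 1
}

# Exit 0 when version $1 sorts before FIXED_VERSION (numeric, field by field).
is_older_than_fixed() {
  awk -v v="$1" -v f="$FIXED_VERSION" 'BEGIN {
    split(v, a, "."); split(f, b, ".")
    for (i = 1; i <= 3; i++) {
      if (a[i] + 0 < b[i] + 0) exit 0
      if (a[i] + 0 > b[i] + 0) exit 1
    }
    exit 1
  }'
}

# Print enabled users whose rules, read left to right, still allow scripting.
# Simplified: tracks on/off, @all, @scripting and +eval*/+fcall* only.
users_with_scripting() {
  tr -d '\r' | awk '$1 == "user" {
    on = 0; ok = 0
    for (i = 3; i <= NF; i++) {
      r = tolower($i)
      if (r == "on") on = 1
      else if (r == "off") on = 0
      else if (r == "+@all" || r == "+@scripting" || r ~ /^\+(eval|fcall)/) ok = 1
      else if (r == "-@all" || r == "-@scripting") ok = 0
    }
    if (on && ok) print $2
  }'
}

v=$(sample_info | redis_version_from_info)
is_older_than_fixed "$v" && echo "redis $v predates $FIXED_VERSION: upgrade"
sample_acl | users_with_scripting | sed 's/^/can run scripts: /'
```

On the constructed input, only `default` is reported: `app` and `reports` have scripting removed by `-@all` and `-@scripting`, and `legacy` is disabled.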
File snapshot
[4.0K] /data/pocs/17c5b5238e8743510bd5c7d2ab56f7eef185fd3b
├── [ 500] CVE-2025-46817.lua
└── [1.3K] README.md
0 directories, 2 files