关联漏洞
标题:
Redis 资源管理错误漏洞
(CVE-2025-49844)
描述:Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 8.2.1及之前版本存在资源管理错误漏洞,该漏洞源于特制Lua脚本可操纵垃圾收集器,触发释放后重用,可能导致远程代码执行。
描述
CVE-2025-49844 – Redis Lua Parser Use-After-Free
介绍
# CVE-2025-49844 – Redis Lua Parser Use-After-Free
Lua chunk-name GC race leading to Redis 8.2.1 use-after-free and remote code execution.
## Overview
Redis embeds Lua 5.1 for scripting. In versions up to 8.2.1 the `luaY_parser` function does NOT anchor the chunk name string on the Lua stack before invoking the lexer. A crafted script can trigger garbage collection while the parser still references the freed string, producing a UAF that leads to native code execution.
## Environment
- Redis server 8.2.1 (or any vulnerable release before 8.2.2)
- `redis-cli`
- Local network access to the Redis instance
## Files
- [`CVE-2025-49844.lua`](/CVE-2025-49844.lua) – hammer the parser with thousands of `loadstring` calls and a GC-enabled chunk name to win the race.
## Usage
```bash
while redis-cli -h localhost -p 6379 --eval CVE-2025-49844.lua >/dev/null; do
printf '.'
done
```
**Expected result:**
On vulnerable builds the Redis process eventually crashes or drops the connection. Patched 8.2.2 (commit [d5728cb5795c966c5b5b1e0f0ac576a7e69af539](https://github.com/redis/redis/commit/d5728cb5795c966c5b5b1e0f0ac576a7e69af539)) anchors the chunk name and the script runs harmlessly.
## Mitigation
Upgrade to Redis 8.2.2 or later, or disable Lua scripting for untrusted users.
文件快照
[4.0K] /data/pocs/47a66614a1f0059a86746be26e27451c24cf0ca4
├── [1.1K] CVE-2025-49844.lua
└── [1.3K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。