CVE-2025-46819 PoC — Redis Input Validation Error Vulnerability

Source
Associated Vulnerability
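Title: Redis Input Validation Error Vulnerability (CVE-2025-46819)
Description: Redis is an open-source key-value store from Redis, Inc. (USA), written in ANSI C. It is a networked, log-structured database that can run in memory or with persistence, and it provides APIs for multiple languages. Redis 8.2.1 and earlier contain an input validation error vulnerability: a specially crafted Lua script can cause an out-of-bounds data read or a server crash, resulting in denial of service.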
Description
CVE-2025-46819 – Redis Lua Long-String Delimiter Out-of-Bounds Read
Readme
# CVE-2025-46819 – Redis Lua Long-String Delimiter Out-of-Bounds Read

A malformed long-string delimiter causes an out-of-bounds (OOB) read in the Lua lexer on Redis 8.2.1.

## Overview

Lua's long-string parser in Redis 8.2.1 mishandles malformed `[=...` sequences, returning sentinel values that lead to buffer underflows or excessive recursion. Attackers can cause Redis to read out of bounds or overflow the C stack.

## Environment

- Redis server 8.2.1 (or any vulnerable release before 8.2.2)
- `redis-cli`
- Local network access to the Redis instance

## Files

- [`CVE-2025-46819.lua`](/CVE-2025-46819.lua) – constructs a huge malformed delimiter and feeds it to `loadstring`.

## Usage

```bash
redis-cli -h localhost -p 6379 --eval CVE-2025-46819.lua
```

**Expected result:**

On vulnerable versions you'll typically see "ERR C stack overflow" or an immediate crash. Redis 8.2.2 (commit [3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba](https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba)) rejects the script with "invalid long string delimiter" without destabilizing the server.

## Mitigation

Upgrade to Redis 8.2.2 or later, or disable Lua for untrusted users.
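
One way to check both halves of this mitigation from captured `redis-cli` output, as an added example that is not part of the PoC repository. The function names `needs_upgrade` and `lua_users` and the sample data are constructed, and the ACL audit is a simplification that tracks only the rules named in its comment.

```bash
#!/usr/bin/env bash
# Added example: triage helpers for CVE-2025-46819 over captured redis-cli output.
# Function names and sample data are constructed for illustration.

# needs_upgrade INFO_TEXT -> "yes" if redis_version < 8.2.2, "no" if >= 8.2.2,
# "unknown" if absent. Uses only the fixed version named in the README.
needs_upgrade() {
  local ver
  ver=$(printf '%s\n' "$1" | tr -d '\r' | awk -F: '$1 == "redis_version" { print $2 }')
  [ -n "$ver" ] || { echo unknown; return; }
  # sort -V (GNU coreutils) orders version strings, lowest first.
  if [ "$(printf '%s\n8.2.2\n' "$ver" | sort -V | head -n1)" = "8.2.2" ]; then
    echo no
  else
    echo yes
  fi
}

# lua_users ACL_LIST_TEXT -> names of enabled users whose rules still allow EVAL.
# Simplified: ACL rules apply left to right; only @all, @scripting and eval
# rules are tracked (other categories containing EVAL and selectors are ignored).
lua_users() {
  printf '%s\n' "$1" | tr -d '\r' | awk '
    $1 == "user" {
      on = 0; ok = 0                      # new users start disabled, no commands
      for (i = 3; i <= NF; i++) {
        r = $i
        if (r == "on") on = 1
        else if (r == "off") on = 0
        else if (r == "+@all" || r == "allcommands" || r == "+@scripting" || r == "+eval") ok = 1
        else if (r == "-@all" || r == "nocommands" || r == "-@scripting" || r == "-eval") ok = 0
      }
      if (on && ok) print $2
    }'
}

# Constructed samples of `redis-cli INFO server` and `redis-cli ACL LIST` output.
SAMPLE_INFO='# Server
redis_version:8.2.1
redis_mode:standalone'
SAMPLE_ACL='user default on nopass sanitize-payload ~* &* +@all
user app on #<hash-placeholder> ~app:* resetchannels -@all +get +set
user reports on #<hash-placeholder> ~* resetchannels +@all -@dangerous
user batch off #<hash-placeholder> ~* resetchannels +@all
user web on #<hash-placeholder> ~* resetchannels +@all -@scripting'

echo "upgrade needed: $(needs_upgrade "$SAMPLE_INFO")"
# Each name printed here is a candidate for: ACL SETUSER <name> -@scripting
lua_users "$SAMPLE_ACL"
```

Against a live instance, pass `"$(redis-cli INFO server)"` and `"$(redis-cli ACL LIST)"` instead of the samples. The version check treats every release below 8.2.2 as needing review and does not account for fixes shipped on other release lines.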
File Snapshot

```
[4.0K] /data/pocs/e264ec48ece2c2dd554e0b94d405882503c276d1
├── [1.1K] CVE-2025-46819.lua
└── [1.1K] README.md

1 directory, 2 files
```