Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-49844) It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a integer overflow condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-46817) It was discovered that Valkey incorrectly handled Lua objects. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2025-46818) It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to read out-of-bounds memory, causing a denial of service or possibly obtaining sensitive information. (CVE-2025-46819) It was discovered that Valkey incorrectly handled memory in some calculations. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-49112)
Continue reading...
Continue reading...
