CVE-2015-4335
Published 2015-06-09
CVE-2015-4335: Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Priority: P2 · 62 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 9.64% (94.9th percentile)
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | redis | < redis 2:3.0.2-1 (bookworm) | redis 2:3.0.2-1 (bookworm) |
| redis | redis | >= 0 < 2:3.0.2-1 | 2:3.0.2-1 |
| redis | redis | >= 0 < 2:3.0.2-1 | 2:3.0.2-1 |
| redis | redis | >= 0 < 2:3.0.2-1 | 2:3.0.2-1 |
| redis | redis | >= 0 < 2:3.0.2-1 | 2:3.0.2-1 |
| redislabs | redis | <= 2.8.20 | — |
| redislabs | redis | — | — |
| redislabs | redis | — | — |
Detection & IOCs
- Monitor Redis EVAL command usage for attempts to execute Lua bytecode that escapes the Lua sandbox, particularly from authenticated remote users.
- Review the upstream patch commit for specific code changes that can inform detection of exploitation patterns.
- Refer to the public sandbox escape proof-of-concept blog post for exploitation technique details to inform detection rules.
- Vulnerable versions are Redis before 2.8.21 and Redis 3.x before 3.0.2; upgrade to patched versions to remediate.
CVSS provenance
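| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |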
Red Hat
redis: Lua sandbox escape and arbitrary code execution
vendor_redhat·2015-06-04·CVSS 10.0
CVE-2015-4335 [CRITICAL] redis: Lua sandbox escape and arbitrary code execution
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
A flaw was discovered in redis that could allow an authenticated user, who was able to use the EVAL command to run Lua code, to break out of the Lua sandbox and execute arbitrary code on the system.
Package: redis (Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)) - Affected
Debian
CVE-2015-4335: redis - Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbi...
vendor_debian·2015·CVSS 10.0
CVE-2015-4335 [CRITICAL] CVE-2015-4335: redis - Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbi...
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
Scope: local
bookworm: resolved (fixed in 2:3.0.2-1)
bullseye: resolved (fixed in 2:3.0.2-1)
forky: resolved (fixed in 2:3.0.2-1)
sid: resolved (fixed in 2:3.0.2-1)
trixie: resolved (fixed in 2:3.0.2-1)
GHSA
GHSA-8jrq-fcj6-7g3q: Redis before 2
ghsa_unreviewed·2022-05-14
CVE-2015-4335 [HIGH] GHSA-8jrq-fcj6-7g3q: Redis before 2
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
OSV
CVE-2015-4335: Redis before 2
osv·2015-06-09·CVSS 10.0
CVE-2015-4335 [CRITICAL] CVE-2015-4335: Redis before 2
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
No detection rules found.
No public exploits indexed.
References
- http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162094.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162146.html
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00014.html
- http://rhn.redhat.com/errata/RHSA-2015-1676.html
- http://www.debian.org/security/2015/dsa-3279
- http://www.openwall.com/lists/oss-security/2015/06/04/12
- http://www.openwall.com/lists/oss-security/2015/06/04/8
- http://www.openwall.com/lists/oss-security/2015/06/05/3
- http://www.securityfocus.com/bid/75034
- https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
- https://groups.google.com/forum/#%21msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
- https://security.gentoo.org/glsa/201702-16
Published: 2015-06-09