Redis Integer Overflow Vulnerability in Lua Scripting Leading to Remote Code Execution

Vulnerability

An integer overflow vulnerability has been identified in Redis versions 8.2.1 and earlier, specifically within the Lua scripting feature. This vulnerability allows an authenticated user to execute a specially crafted Lua script that causes an integer overflow, potentially leading to remote code execution. The issue arises from improper handling of integer values in Lua's table unpacking function, which can be exploited by manipulating the script's input parameters.

Impact

Exploitation of this vulnerability can cause an integer overflow, which may be leveraged to execute arbitrary code on the server where Redis is running.

Reproduction

The vulnerability can be reproduced by executing a Lua script that uses the 'unpack' function with crafted numeric arguments that trigger the integer overflow. This can be done by specifying a range of indexes that exceeds the maximum limit, such as using negative values or values that are too large, which the Lua interpreter incorrectly processes as valid.

Remediation

Upgrade to Redis version 8.2.2, which fixes this vulnerability. Where an immediate upgrade is not possible, use Access Control Lists (ACLs) to deny the EVAL and FUNCTION command families, so that authenticated users cannot execute Lua scripts at all.
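The following is an added example, not part of the advisory, that turns the remediation advice into an offline check: it parses the output of `INFO server` to flag versions below 8.2.2 (the fixed release named above) and evaluates each `ACL LIST` line to report users who can still reach a scripting command. It assumes the membership of the Redis `@scripting` ACL category (EVAL, EVALSHA, EVAL_RO, EVALSHA_RO, FCALL, FCALL_RO, FUNCTION, SCRIPT) and treats `@slow` as also containing these commands; both assumptions should be confirmed on the running version with `ACL CAT scripting`. The sample INFO text and ACL lines are constructed, and the password hashes are placeholders.

```python
"""Offline audit for the Redis Lua 'unpack' advisory: version check plus ACL review.
Added example, not the advisory's or the Redis project's own code."""
import re

# First fixed release named in the advisory; anything below it is treated as affected.
FIXED_VERSION = (8, 2, 2)

# Commands Redis groups under the @scripting ACL category (assumption: verify with
# `ACL CAT scripting` on your version). These are the ones an ACL must deny.
SCRIPTING_COMMANDS = {"eval", "evalsha", "eval_ro", "evalsha_ro",
                      "fcall", "fcall_ro", "function", "script"}

# Categories whose grant/deny is assumed to cover every scripting command.
COVERING_CATEGORIES = {"@all", "@scripting", "@slow"}


def parse_version(info_text: str) -> tuple:
    """Extract (major, minor, patch) from the redis_version line of INFO output."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found in INFO output")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(info_text: str) -> bool:
    """True when the reported version is older than the fixed release."""
    return parse_version(info_text) < FIXED_VERSION


def scripting_allowed(acl_line: str) -> bool:
    """Evaluate one ACL LIST / ACL file line and report whether the user can run
    any scripting command. Rules apply left to right, so a later rule wins.
    Limitation: ACL selectors in parentheses are not evaluated here."""
    tokens = acl_line.split()
    if tokens and tokens[0] == "user":
        tokens = tokens[2:]  # drop the 'user <name>' prefix
    allowed, enabled = set(), True
    for tok in tokens:
        if tok == "off":
            enabled = False
        elif tok == "on":
            enabled = True
        elif tok == "allcommands":          # synonym for +@all
            allowed = set(SCRIPTING_COMMANDS)
        elif tok == "nocommands":           # synonym for -@all
            allowed = set()
        elif tok[:1] in "+-":
            sign, body = tok[0], tok[1:].lower()
            if body in COVERING_CATEGORIES:
                targets = SCRIPTING_COMMANDS
            elif body.startswith("@"):
                continue  # other categories are assumed not to add scripting commands
            else:
                base = body.split("|", 1)[0]
                if base not in SCRIPTING_COMMANDS:
                    continue
                if "|" in body and sign == "-":
                    continue  # denying one subcommand leaves the rest usable
                targets = {base}
            allowed = allowed | targets if sign == "+" else allowed - targets
    return enabled and bool(allowed)


def audit(info_text: str, acl_lines: list) -> tuple:
    """Return (version_is_vulnerable, [users that can still run scripts])."""
    exposed = [line.split()[1] for line in acl_lines if scripting_allowed(line)]
    return is_vulnerable_version(info_text), exposed


# Constructed sample data standing in for `redis-cli INFO server` and `redis-cli ACL LIST`.
SAMPLE_INFO = "# Server\r\nredis_version:8.2.1\r\nredis_mode:standalone\r\n"
SAMPLE_ACL = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #PLACEHOLDER_SHA256 ~app:* &* +@all -@scripting",
    "user batch on #PLACEHOLDER_SHA256 ~* &* +@all -@scripting +eval",
]

if __name__ == "__main__":
    vulnerable, exposed = audit(SAMPLE_INFO, SAMPLE_ACL)
    print("version below 8.2.2:", vulnerable)
    print("users able to run scripts:", exposed)
```

Feed the real outputs of `redis-cli INFO server` and `redis-cli ACL LIST` to `audit()`; a user listed as exposed on a version below 8.2.2 should receive a rule such as `ACL SETUSER <name> -@scripting` until the upgrade is done, and the `@slow` assumption above should be re-checked whenever the server version changes.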

Added: Oct 3, 2025, 6:18 PM
Updated: Oct 3, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread: 5.7
impact: 10.0
exploitability: 5.9
remediation: 7.9
relevance: 0.6
threat: 5.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.