## https://sploitus.com/exploit?id=734892A4-DC9F-532A-B69F-88E0A8F04F5B
# CVE-2025-46817 – Redis Lua `unpack` Integer Overflow (Potential RCE)

Redis Lua `unpack` integer overflow PoC causing stack blow-up and crash on 8.2.1.

## Overview

Redis 8.2.1 ships Lua 5.1 with an `unpack` implementation that computes the result count using signed integers. Carefully chosen start/end indices wrap the arithmetic, bypass `lua_checkstack`, and force Lua to push billions of results. Combined with table index wrapping, this can corrupt heap memory and lead to RCE.

## Environment

- Redis server 8.2.1 (or any vulnerable release before 8.2.2)
- `redis-cli`
- Local network access to the Redis instance

## Files

- [`CVE-2025-46817.lua`](/CVE-2025-46817.lua) – calls `unpack` with a range that overflows signed arithmetic.

## Usage

```bash
redis-cli -h localhost -p 6379 --eval CVE-2025-46817.lua
```

**Expected result:**

On 8.2.1 the server typically terminates the connection or crashes from excessive stack growth. Redis 8.2.2 (commit [fc9abc775e308374f667fdf3e723ef4b7eb0e3ca](https://github.com/redis/redis/commit/fc9abc775e308374f667fdf3e723ef4b7eb0e3ca)) rejects the call with "ERR Error running script (too many results to unpack)".

## Mitigation

Upgrade to Redis 8.2.2 or later, which hardens `luaB_unpack` and `luaH_getnum`, or disable Lua scripting for untrusted users.
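
To apply the mitigation above across a fleet, the following added example (not part of the PoC repository or of Redis) triages one instance from the text of `redis-cli INFO server` and `redis-cli ACL LIST`: it flags versions below 8.2.2 and lists the enabled ACL users who can still run `EVAL`. The function names and sample data are constructed for illustration. It assumes plain left-to-right ACL rules without selectors and models `EVAL` only, so `EVALSHA`, `FCALL` and `FUNCTION` need the same check.

```python
import re

FIXED = (8, 2, 2)  # first fixed release named on this page; other branches: see vendor advisory
EVAL_CATEGORIES = {"all", "scripting", "slow"}  # ACL categories that include EVAL

def redis_version(info_text):
    """Parse redis_version from `INFO server` output into an int tuple."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)", info_text, re.M)
    if not m:
        raise ValueError("redis_version not found")
    return tuple(int(x) for x in m.groups())

def can_eval(rules):
    """Apply ACL command rules left to right; True if EVAL ends up allowed."""
    allowed = False
    for rule in (r.lower() for r in rules):
        if rule in ("allcommands", "nocommands"):
            allowed = rule == "allcommands"
        elif len(rule) > 1 and rule[0] in "+-":
            name = rule[1:]
            hit = name[1:] in EVAL_CATEGORIES if name.startswith("@") else name == "eval"
            if hit:
                allowed = rule[0] == "+"
    return allowed

def exposed_users(acl_lines):
    """Enabled users (flag `on`) whose rules leave EVAL allowed."""
    users = []
    for line in acl_lines:
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "user" and "on" in parts[2:] and can_eval(parts[2:]):
            users.append(parts[1])
    return users

def triage(info_text, acl_lines):
    """Combine the version check with the ACL review for one instance."""
    version = redis_version(info_text)
    vulnerable = version < FIXED
    return {"version": version, "vulnerable": vulnerable,
            "script_capable_users": exposed_users(acl_lines) if vulnerable else []}

# Constructed sample data (not captured from a real server).
SAMPLE_INFO = "# Server\r\nredis_version:8.2.1\r\nredis_mode:standalone\r\n"
SAMPLE_ACL = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #<hash> ~app:* resetchannels -@all +get +set",
    "user batch on #<hash> ~* resetchannels +@all -@scripting",
    "user legacy off #<hash> ~* resetchannels +@all",
]

if __name__ == "__main__":
    print(triage(SAMPLE_INFO, SAMPLE_ACL))
```

Users reported in `script_capable_users` are the ones to restrict (for example by removing the `@scripting` category) until the instance is upgraded.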