Home / mailings [USN-7824-2] Redict vulnerability
Posted on 16 October 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7824-2
October 16, 2025
redict vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
Summary:
Redict could be made to crash or run programs if it received
specially crafted network traffic from an authenticated user.
Software Description:
- redict: Distributed key/value store
Details:
USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Redict - a fork of Redis.
Original advisory details:
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could use
this vulnerability to trigger a use-after-free condition, and potentially
achieve remote code execution on the Redis server.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
redict 7.3.5+ds-1ubuntu0.1
redict-sentinel 7.3.5+ds-1ubuntu0.1
redict-server 7.3.5+ds-1ubuntu0.1
redict-tools 7.3.5+ds-1ubuntu0.1
Ubuntu 25.04
redict 7.3.2+ds-1ubuntu0.1
redict-sentinel 7.3.2+ds-1ubuntu0.1
redict-server 7.3.2+ds-1ubuntu0.1
redict-tools 7.3.2+ds-1ubuntu0.1
After a standard system update you need to restart Redict to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7824-2
https://ubuntu.com/security/notices/USN-7824-1
CVE-2025-49844
Package Information:
https://launchpad.net/ubuntu/+source/redict/7.3.5+ds-1ubuntu0.1
https://launchpad.net/ubuntu/+source/redict/7.3.2+ds-1ubuntu0.1
--===============4800386525115379446==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
