Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-49844)
It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a integer overflow condition, and potentially achieve remote code execution on the Valkey server. (CVE-2025-46817)
It was discovered that Valkey incorrectly handled Lua objects. An authenticated attacker could possibly use this issue to escalate their privileges. (CVE-2025-46818)
It was discovered that Valkey incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to read out-of-bounds memory, causing a denial of service or possibly obtaining sensitive information. (CVE-2025-46819)
It was discovered that Valkey incorrectly handled memory in some calculations. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-49112)
7.2.11+dfsg1-0ubuntu0.28.1.4+dfsg1-0ubuntu0.2