Redis 8.2.2: Hardening the Lua Engine Against Four Critical Vulnerabilities
ID: 8f9cc882-6ba6-50a3-9f11-c5b9bb137d73
STIX ID: report--8f9cc882-6ba6-50a3-9f11-c5b9bb137d73
Feed Name: Seqrite Blog
Redis 8.2.2 is a security-focused patch release that fixes four vulnerabilities in the embedded Lua engine — notably a CVSS 10.0 use-after-free enabling sandbox escape and a CVSS 9.8 integer overflow in unpack that can lead to memory corruption. The report walks through the patches, explains the root causes and code changes, identifies deployment scenarios at risk (multi-tenant/shared Redis and setups accepting untrusted Lua), and recommends immediate patching, ACL restrictions, instance segmentation, and monitoring controls.
