Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-27151

Опубликовано: 29 мая 2025
Источник: debian

Описание

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
redisfixed5:8.0.2-2package
redisnot-affectedbullseyepackage
redictfixed7.3.5+ds-1package
valkeyfixed8.1.1+dfsg1-1.1package

Примечания

  • https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm

  • Introcuced by: https://github.com/redis/redis/commit/a50aa29bde33f22dabc307c4a28bc2321f8acdfe (7.0-rc2)

  • Fixed by: https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56 (8.0.2)

  • Fixed by: https://codeberg.org/redict/redict/commit/40aa98db1d6601d30154ff078705dcfe1c4c7708

  • Fixed by: https://github.com/valkey-io/valkey/commit/73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7

Связанные уязвимости

ubuntu логотип

CVE-2025-27151

CVSS3: 4.7
ubuntu
5 месяцев назад

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

redhat логотип

CVE-2025-27151

CVSS3: 2.5
redhat
5 месяцев назад

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

nvd логотип

CVE-2025-27151

CVSS3: 4.7
nvd
5 месяцев назад

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

msrc логотип

CVE-2025-27151

CVSS3: 4.7
msrc
4 месяца назад

redis-check-aof may lead to stack overflow and potential RCE

suse-cvrf логотип

SUSE-SU-2025:02190-1

suse-cvrf
4 месяца назад

Security update for redis