CVE-2025-26269

Опубликовано: 17 апр. 2025

Источник: nvd

CVSS3: 3.3

CVSS3: 5.5

EPSS Низкий

Описание

DragonflyDB Dragonfly through 1.28.2 (fixed in 1.29.0) allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.

Ссылки

https://gist.github.com/ankki-zsyang/d8215cf6e868d07546eaa5346a884ebd
Exploit
Third Party Advisory
https://github.com/dragonflydb/dragonfly/commit/4612aec9a78e3f604e6fb19bee51acde89723308
Patch
https://github.com/dragonflydb/dragonfly/issues/4468
Exploit
Issue Tracking
Patch
https://github.com/dragonflydb/dragonfly/issues/4468
Exploit
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dragonflydb:dragonfly:*:*:*:*:*:*:*:*

Версия до 1.29.0 (исключая)

EPSS

Процентиль: 13%

0.00042

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-191

Связанные уязвимости

GHSA-cqc2-rc24-647j

CVSS3: 3.3

github

10 месяцев назад

DragonflyDB Dragonfly through 1.28.2 allows authenticated users to cause a denial of service (daemon crash) via a Lua library command that references a large negative integer.

EPSS

Процентиль: 13%

0.00042

Низкий

3.3 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-191