• Bug#1106823: redict: CVE-2025-27151

    From Salvatore Bonaccorso@21:1/5 to All on Fri May 30 07:20:01 2025
    Source: redict
    Version: 7.3.2+ds-1
    Severity: grave
    Tags: security upstream
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerability was published for redict.

    CVE-2025-27151[0]:
    | Redis is an open source, in-memory database that persists on disk.
    | In versions starting from 7.0.0 to before 8.0.2, a stack-based
    | buffer overflow exists in redis-check-aof due to the use of memcpy
    | with strlen(filepath) when copying a user-supplied file path into a
    | fixed-size stack buffer. This allows an attacker to overflow the
    | stack and potentially achieve code execution. This issue has been
    | patched in version 8.0.2.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-27151
    https://www.cve.org/CVERecord?id=CVE-2025-27151
    [1] https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm
    [2] https://codeberg.org/redict/redict/commit/40aa98db1d6601d30154ff078705dcfe1c4c7708

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
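The advisory quoted above describes the defect only in words: a `memcpy` whose length comes from `strlen(filepath)` rather than from the destination buffer. The following C program is an added illustration of that pattern and of the standard bounds-checked form; it is not code from redict, Redis, or the commit referenced in [2], and the buffer size `PATH_BUF_SIZE` and the function names are assumptions chosen for the example (the real buffer size in `redis-check-aof` is not stated in the report).

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example only; the real size used by
 * redis-check-aof is not stated in the bug report. */
#define PATH_BUF_SIZE 256

/* The defective shape the advisory describes: the copy length is taken
 * from the untrusted input (strlen) rather than from the destination, so
 * a path longer than PATH_BUF_SIZE writes past the end of dst. Kept only
 * for comparison; the test below never calls it with a long path. */
static void copy_filepath_unchecked(char dst[PATH_BUF_SIZE], const char *src)
{
    memcpy(dst, src, strlen(src));
    dst[strlen(src)] = '\0';           /* also out of bounds for a long src */
}

/* Bounds-checked form: the copy is limited by the destination size and an
 * input that does not fit together with its terminating NUL is rejected.
 * Returns 0 on success and -1 when src is too long. This is the generic
 * fix for the pattern, not a description of how upstream patched 8.0.2. */
static int copy_filepath_checked(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)
        return -1;                     /* n + 1 bytes would not fit */
    memcpy(dst, src, n + 1);           /* n characters plus the NUL */
    return 0;
}

/* Constructed test input: a path consisting of exactly n 'A' characters. */
static const char *constructed_path_of_len(size_t n)
{
    static char buf[1024];
    if (n >= sizeof buf)
        n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    char dst[PATH_BUF_SIZE];
    const char *ok = "appendonly.aof";   /* constructed, well-formed path */

    /* Both variants behave identically on a path that fits. */
    copy_filepath_unchecked(dst, ok);
    printf("unchecked, short path: %s\n", dst);
    printf("checked, short path: %d\n",
           copy_filepath_checked(dst, sizeof dst, ok));

    /* The checked variant accepts the longest path that still fits ... */
    printf("checked, %d-char path: %d\n", PATH_BUF_SIZE - 1,
           copy_filepath_checked(dst, sizeof dst,
                                 constructed_path_of_len(PATH_BUF_SIZE - 1)));
    /* ... and rejects anything longer instead of overflowing the stack. */
    printf("checked, %d-char path: %d\n", PATH_BUF_SIZE + 100,
           copy_filepath_checked(dst, sizeof dst,
                                 constructed_path_of_len(PATH_BUF_SIZE + 100)));
    return 0;
}
```

The boundary worth checking in review is the off-by-one: `n == dstsz - 1` is the longest accepted input, because the terminating NUL needs its own byte; a check of `n > dstsz` would still let the NUL land one past the buffer.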
  • From Debian Bug Tracking System@21:1/5 to All on Sun Aug 3 10:40:01 2025

    Your message dated Sun, 03 Aug 2025 08:34:41 +0000
    with message-id <E1uiUAz-00C6Am-04@fasolo.debian.org>
    and subject line Bug#1106823: fixed in redict 7.3.5+ds-1
    has caused the Debian Bug report #1106823,
    regarding redict: CVE-2025-27151
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1106823: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106823
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

    Received: (at submit) by bugs.debian.org; 30 May 2025 05:14:23 +0000