Source: redis
Version: 5:8.0.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc:
carnil@debian.org, Debian Security Team <
team@security.debian.org>
Control: found -1 5:7.0.15-3
Control: found -1 5:7.0.15-1
Hi,
The following vulnerability was published for redis.
CVE-2025-27151[0]:
| Redis is an open source, in-memory database that persists on disk.
| In versions starting from 7.0.0 to before 8.0.2, a stack-based
| buffer overflow exists in redis-check-aof due to the use of memcpy
| with strlen(filepath) when copying a user-supplied file path into a
| fixed-size stack buffer. This allows an attacker to overflow the
| stack and potentially achieve code execution. This issue has been
| patched in version 8.0.2.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0]
https://security-tracker.debian.org/tracker/CVE-2025-27151
https://www.cve.org/CVERecord?id=CVE-2025-27151
[1]
https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm
Regards,
Salvatore
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)