CVE-2025-27151

EPSS 0.27%
Veröffentlicht 29.05.2025 09:07:34
Zuletzt bearbeitet 23.12.2025 15:03:51
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

redis-check-aof may lead to stack overflow and potential RCE

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redis ≫ Redis Version >= 7.0.0 < 7.2.9

Redis ≫ Redis Version >= 7.4.0 < 7.4.4

Redis ≫ Redis Version >= 8.0.0 < 8.0.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.503

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm

Third Party Advisory

https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56

Patch

https://github.com/redis/redis/releases/tag/8.0.2

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-27151

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-27151

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27151

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-27151