10
CVE-2026-46752
- EPSS 0.4%
- Veröffentlicht 25.06.2026 08:00:18
- Zuletzt bearbeitet 25.06.2026 13:27:40
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Kvrocks: Stack buffer overflow in Lua bit.tohex()
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerApache Software Foundation
≫
Produkt
Apache Kvrocks
Default Statusunaffected
Version <=
2.15.0
Version
2.0.4
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.314 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@apache.org | 10 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
https://lists.apache.org/thread/11sr3bkkhkk0q01odgw6ddsj7fzo31pt
http://www.openwall.com/lists/oss-security/2026/06/25/4