Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2025-27151

Published: May 29, 2025Last modified: May 30, 2025

Description

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

Severity score breakdown

ParameterValue
Base score4.7
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSredisFixed (7.0.15-r4)
StreamredisFixed (8.0.2-r0)

References

ON THIS PAGE