CNNVD-202507-3040 Information
CNNVD ID
CNNVD-202507-3040
Related CVE
- CNNVD Published: 2025-07-23
Description (Chinese)
Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis 7.4.3及之前版本存在安全漏洞,该漏洞源于多批量命令内存分配不当,可能导致内存消耗攻击。
Description (English)
Redis is an open source for the United States of America, using ANSI C to develop, support networks, store databases based on memory and sustainable log type, key (Key-Value) and provide a multilingual API. Redis 7.4.3 and previous versions had a security loophole, which stemmed from the misallocation of multiple batches of command memory, which could lead to a RAM consumption attack.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Redis
Published
2025-07-23
Last Modified
2026-02-24
References
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9 https://github.com/io-no/CVE-Reports/issues/1 https://access.redhat.com/security/cve/cve-2025-46686 https://nvd.nist.gov/vuln/detail/CVE-2025-46686
Patch
https://github.com/redis/redis/releases
Share on: