CNNVD-202507-709 Information
CNNVD ID
CNNVD-202507-709
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
Redis是美国Redis公司的一套开源的使用ANSI C编写、支持网络、可基于内存亦可持久化的日志型、键值(Key-Value)存储数据库,并提供多种语言的API。 Redis存在安全漏洞,该漏洞源于超日志操作可能导致堆栈或堆越界写入,可能导致远程代码执行。以下版本受到影响:2.8版本至8.0.3版本、7.4.5版本、7.2.10版本和6.2.19之前版本。
Description (English)
Redis is an open source for the United States of America, using ANSI C to develop, support networks, store databases based on memory and sustainable log type, key (Key-Value) and provide a multilingual API. There is a security loophole in Redis, which stems from the operation of the superlog, which may lead to stacks or stacks being written across borders and may lead to remote code implementation. The following versions were affected: 2.8 to 8.0.3, 7.4.5, 7.2.10 and pre-6.2.19.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Redisgraph
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/redis/redis/releases/tag/7.2.10 https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43 https://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445 https://github.com/redis/redis/releases/tag/7.4.5 https://github.com/redis/redis/releases/tag/6.2.19 https://github.com/redis/redis/releases/tag/8.0.3 https://access.redhat.com/security/cve/cve-2025-32023 https://www.exploit-db.com/exploits/52477
Patch
https://github.com/redis/redis/releases
Share on: