CNNVD-202511-118 Information
CNNVD ID
CNNVD-202511-118
Related CVE
- CNNVD Published: 2025-11-04
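Description (translated from Chinese)
Redis is an open-source, log-type, key-value storage database from Redis (USA). It is written in ANSI C, supports networking, can run in memory or with persistence, and provides APIs for multiple languages. Redis version 8.2.0 and versions prior to 8.2.3 contain a security vulnerability caused by the XACKDEL command triggering a stack buffer overflow, which may lead to remote code execution.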
Description (English)
Redis is an open-source key-value database developed by Redis (USA), written in ANSI C, with network support, in-memory operation with optional persistence, log-type storage, and APIs for multiple languages. A security vulnerability exists in Redis version 8.2.0 and versions prior to 8.2.3: the XACKDEL command can trigger a stack buffer overflow, which could lead to remote code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Redis
Published
2025-11-04
Last Modified
2026-02-24
References
https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
https://github.com/redis/redis/commit/5f83972188f6e5b1d6f1940218c650a9cbdf7741
https://github.com/redis/redis/releases/tag/8.2.3
https://vigilance.fr/vulnerability/Redis-buffer-overflow-via-XACKDEL-STREAMID-STATIC-VECTOR-LEN-48641
https://access.redhat.com/security/cve/cve-2025-62507
Patch
https://github.com/redis/redis/releases