CVE-2025-27151

NameCVE-2025-27151
DescriptionRedis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1106822, 1106823, 1106824

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
redict (PTS)sid7.3.2+ds-1vulnerable
redis (PTS)bullseye5:6.0.16-1+deb11u2fixed
bullseye (security)5:6.0.16-1+deb11u6fixed
bookworm5:7.0.15-1~deb12u4vulnerable
bookworm (security)5:7.0.15-1~deb12u3vulnerable
sid, trixie5:8.0.0-2vulnerable
valkey (PTS)sid, trixie8.1.1+dfsg1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
redictsource(unstable)(unfixed)1106823
redissourcebullseye(not affected)
redissource(unstable)(unfixed)1106822
valkeysource(unstable)8.1.1+dfsg1-1.11106824

Notes

[bullseye] - redis <not-affected> (Vulnerable code not present)
https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm
Introcuced by: https://github.com/redis/redis/commit/a50aa29bde33f22dabc307c4a28bc2321f8acdfe (7.0-rc2)
Fixed by: https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56 (8.0.2)
Fixed by: https://codeberg.org/redict/redict/commit/40aa98db1d6601d30154ff078705dcfe1c4c7708
Fixed by: https://github.com/valkey-io/valkey/commit/73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7
Search for package or bug name: Reporting problems