Unrated severityNVD Advisory· Published May 29, 2025· Updated May 29, 2025

redis-check-aof may lead to stack overflow and potential RCE

CVE-2025-27151

Description

Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2.

Affected products

Redis/Redisllm-fuzzy2 versions
>=7.0.0, <8.0.2+ 1 more
- (no CPE)range: >=7.0.0, <8.0.2
- (no CPE)range: >= 7.0.0, < 8.0.2
osv-coords35 versions
pkg:apk/chainguard/py3.10-redis pkg:apk/chainguard/py3.11-redis pkg:apk/chainguard/py3.12-redis pkg:apk/chainguard/py3.13-redis pkg:apk/chainguard/py3-redis pkg:apk/chainguard/redis-7.2 pkg:apk/chainguard/redis-7.2-iamguarded-compat pkg:apk/chainguard/redis-7.4 pkg:apk/chainguard/redis-benchmark-7.2 pkg:apk/chainguard/redis-cli-7.2 pkg:apk/chainguard/redis-cluster-7.2-iamguarded-compat pkg:apk/chainguard/redis-sentinel-7.2-iamguarded-compat pkg:apk/wolfi/redis-7.2 pkg:apk/wolfi/redis-7.4 pkg:apk/wolfi/redis-benchmark-7.2 pkg:apk/wolfi/redis-cli-7.2 pkg:bitnami/keydb pkg:bitnami/redis pkg:bitnami/valkey pkg:rpm/almalinux/redis pkg:rpm/almalinux/redis-devel pkg:rpm/almalinux/redis-doc pkg:rpm/almalinux/valkey pkg:rpm/almalinux/valkey-devel pkg:rpm/opensuse/redis7&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/valkey&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/redis7&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/redis&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/valkey&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 pkg:rpm/suse/valkey&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7
< 0+ 34 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 7.2.9-r1
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.4.4-r1
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.2.9-r1
- (no CPE)range: < 7.4.4-r1
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: < 7.2.12-r2
- (no CPE)range: >= 7.0.0
- (no CPE)range: >= 7.0.0, < 7.2.9
- (no CPE)range: < 7.2.10
- (no CPE)range: < 7.2.10-1.module_el9.6.0+173+efaf9205
- (no CPE)range: < 7.2.10-1.module_el9.6.0+173+efaf9205
- (no CPE)range: < 7.2.10-1.module_el9.6.0+173+efaf9205
- (no CPE)range: < 8.0.4-1.el10_0
- (no CPE)range: < 8.0.4-1.el10_0
- (no CPE)range: < 7.0.8-150600.8.16.1
- (no CPE)range: < 7.2.4-150600.3.12.1
- (no CPE)range: < 8.0.2-150600.13.11.1
- (no CPE)range: < 7.0.8-150500.3.21.1
- (no CPE)range: < 7.0.8-150500.3.21.1
- (no CPE)range: < 7.0.8-150600.8.16.1
- (no CPE)range: < 7.0.8-150500.3.21.1
- (no CPE)range: < 7.0.8-150500.3.21.1
- (no CPE)range: < 7.2.4-150600.3.12.1
- (no CPE)range: < 8.0.2-150600.13.11.1
- (no CPE)range: < 8.0.2-150700.3.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56mitrex_refsource_MISC
github.com/redis/redis/releases/tag/8.0.2mitrex_refsource_MISC
github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvmmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000