Source: redis Version: 5:8.0.0-2 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 5:7.0.15-3 Control: found -1 5:7.0.15-1
Hi, The following vulnerability was published for redis. CVE-2025-27151[0]: | Redis is an open source, in-memory database that persists on disk. | In versions starting from 7.0.0 to before 8.0.2, a stack-based | buffer overflow exists in redis-check-aof due to the use of memcpy | with strlen(filepath) when copying a user-supplied file path into a | fixed-size stack buffer. This allows an attacker to overflow the | stack and potentially achieve code execution. This issue has been | patched in version 8.0.2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-27151 https://www.cve.org/CVERecord?id=CVE-2025-27151 [1] https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm Regards, Salvatore
