Source: valkey Version: 8.1.1+dfsg1-1 Severity: grave Tags: security upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for valkey. CVE-2025-27151[0]: | Redis is an open source, in-memory database that persists on disk. | In versions starting from 7.0.0 to before 8.0.2, a stack-based | buffer overflow exists in redis-check-aof due to the use of memcpy | with strlen(filepath) when copying a user-supplied file path into a | fixed-size stack buffer. This allows an attacker to overflow the | stack and potentially achieve code execution. This issue has been | patched in version 8.0.2. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-27151 https://www.cve.org/CVERecord?id=CVE-2025-27151 [1] https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm [2] https://github.com/valkey-io/valkey/commit/73696bf6e2cf754acc3ec24eaf9ca6b879bfc5d7 Regards, Salvatore
