{"id":"BIT-keydb-2025-27151","summary":"Stack-based buffer overflow in redis-check-aof may lead to potential RCE","details":"Redis is an open source, in-memory database that persists on disk. In versions from 7.0.0 up to, but not including, 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack buffer and potentially achieve code execution. This issue has been patched in version 8.0.2.","aliases":["BIT-redis-2025-27151","BIT-valkey-2025-27151","CVE-2025-27151","GHSA-5453-q98w-cmvm"],"modified":"2026-04-24T06:41:38.236018918Z","published":"2025-05-31T05:45:47.374Z","database_specific":{"cpes":["cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*"],"severity":"Critical"},"references":[{"type":"WEB","url":"https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.0.2"},{"type":"WEB","url":"https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27151"}],"affected":[{"package":{"name":"keydb","ecosystem":"Bitnami","purl":"pkg:bitnami/keydb"},"ranges":[{"type":"SEMVER","events":[{"introduced":"7.0.0"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/keydb/BIT-keydb-2025-27151.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}