{"id":"BIT-valkey-2025-27151","summary":"redis-check-aof may lead to stack overflow and potential RCE","details":"Redis is an open source, in-memory database that persists on disk. In versions from 7.0.0 up to but not including 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. These version numbers refer to Redis; for the Bitnami valkey package, the affected and fixed versions are the ranges listed in this record's affected field.","aliases":["BIT-keydb-2025-27151","BIT-redis-2025-27151","CVE-2025-27151","GHSA-5453-q98w-cmvm"],"modified":"2025-11-06T13:25:46.476Z","published":"2025-05-31T06:02:22.962Z","database_specific":{"severity":"Critical","cpes":["cpe:2.3:a:redis:redis:*:*:*:*:*:*:*:*","cpe:2.3:a:valkey-io:valkey:*:*:*:*:*:*:*:*"]},"references":[{"type":"WEB","url":"https://github.com/redis/redis/commit/643b5db235cb82508e72f11c7b4bbfc7dc39be56"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/8.0.2"},{"type":"WEB","url":"https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27151"}],"affected":[{"package":{"name":"valkey","ecosystem":"Bitnami","purl":"pkg:bitnami/valkey"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"7.2.10"},{"introduced":"7.3.0"},{"fixed":"8.0.5"},{"introduced":"8.1.0"},{"fixed":"8.1.2"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/valkey/BIT-valkey-2025-27151.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}