FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis,valkey -- {redis,valkey}-check-aof may lead to stack overflow and potential RCE

Affected packages
8.0.0 <= redis < 8.0.2
7.4.0 <= redis74 < 7.4.4
7.2.0 <= redis72 < 7.2.9
valkey < 8.1.2

Details

VuXML ID 4ea9cbc3-5b28-11f0-b507-000c295725e4
Discovery 2025-05-28
Entry 2025-07-07

Simcha Kosman & CyberArk Labs report:

A user can run the {redis,valkey}-check-aof cli and pass a long file path to trigger a stack buffer overflow, which may potentially lead to remote code execution.

References

CVE Name CVE-2025-27151
URL https://github.com/redis/redis/security/advisories/GHSA-5453-q98w-cmvm