FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

redis,valkey -- Out of bounds write in hyperloglog commands leads to RCE

Affected packages
8.0.0 <= redis < 8.0.3
7.4.0 <= redis74 < 7.4.5
7.2.0 <= redis72 < 7.2.10
6.2.0 <= redis62 < 6.2.19
valkey < 8.1.3

Details

VuXML ID f11d0a69-5b2d-11f0-b507-000c295725e4
Discovery 2025-07-06
Entry 2025-07-07

Seunghyun Lee reports:

An authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution.

[source]

References

CVE Name CVE-2025-32023
URL https://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.