Stack-based Buffer Overflow in Redis Affects Open Source In-Memory Database
CVE-2025-27151
4.7 MEDIUM
What is CVE-2025-27151?
A vulnerability has been identified in Redis, specifically in the redis-check-aof component. The issue is a stack-based buffer overflow caused by the improper use of memcpy with user-supplied file paths. When a user-supplied file path is copied into a fixed-size stack buffer, the copy can overflow the buffer, potentially allowing an attacker to execute arbitrary code. This vulnerability affects all Redis versions from 7.0.0 up to, but not including, 8.0.2. Users are strongly advised to upgrade to version 8.0.2 or later to mitigate this risk.
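The bug class described above, shown as an added C example that is not taken from the Redis source: an unchecked memcpy of a path into a fixed-size stack buffer, next to a length-checked version that rejects oversized paths. The buffer size, function names and sample paths are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF_SIZE 256 /* assumed for this example; not Redis's actual size */

/* Unsafe pattern from the description: the copy length comes from the
 * caller-supplied path and is never compared with the destination size. */
static size_t unsafe_stage_path(const char *filepath) {
    char buf[PATH_BUF_SIZE];
    memcpy(buf, filepath, strlen(filepath) + 1); /* writes past buf if len >= 256 */
    return strlen(buf);
}

/* Hardened form: check the length against the destination before copying.
 * Returns 0 on success, -1 with errno set to ENAMETOOLONG or EINVAL. */
static int safe_stage_path(char *dst, size_t dst_size, const char *filepath) {
    if (dst == NULL || filepath == NULL || dst_size == 0) {
        errno = EINVAL;
        return -1;
    }
    size_t len = strlen(filepath);
    if (len >= dst_size) { /* no room for the bytes plus the NUL terminator */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, filepath, len + 1);
    return 0;
}

/* Constructed input: a path of n 'a' bytes, staged through the hardened copy. */
static int stage_path_of_length(size_t n) {
    char buf[PATH_BUF_SIZE];
    char *path = malloc(n + 1);
    if (path == NULL) return -1;
    memset(path, 'a', n);
    path[n] = '\0';
    int rc = safe_stage_path(buf, sizeof buf, path);
    free(path);
    return rc;
}

int main(void) {
    printf("unsafe copy, short path: %zu bytes\n", unsafe_stage_path("appendonly.aof"));
    printf("255-byte path: %d\n", stage_path_of_length(PATH_BUF_SIZE - 1));
    printf("256-byte path: %d\n", stage_path_of_length(PATH_BUF_SIZE));
    printf("4096-byte path: %d\n", stage_path_of_length(4096));
    return 0;
}
```

The boundary case is the one to test: a path of exactly PATH_BUF_SIZE bytes must be rejected, because the NUL terminator would land one byte past the buffer.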
Affected Version(s)
redis >= 7.0.0, < 8.0.2