Primary

Context

Redis Stack-Based Buffer Overflow Vulnerability in redis-check-aof Allowing Potential Code Execution

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in the Redis command-line tool redis-check-aof, affecting Redis versions 7.0.0 prior to 8.0.2. The vulnerability arises from the use of memcpy with strlen(filepath), which allows user-supplied file paths to overflow a fixed-size stack buffer. This could enable an attacker to manipulate the stack and execute arbitrary code.

Impact

Exploitation of this vulnerability can lead to a stack-based buffer overflow, with the potential for arbitrary code execution.

Reproduction

To reproduce this vulnerability, run the redis-check-aof command and provide a file path that exceeds the maximum allowed length. The tool will attempt to copy the path into a fixed-size stack buffer, causing a buffer overflow. This vulnerability exists in Redis versions 7.0.0 through 8.0.2.

Remediation

Users can upgrade to Redis version 8.0.2 or later, where this vulnerability has been patched.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

10.0

exploitability

4.5

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

10.0

exploitability

4.5

remediation

7.7

relevance

0.0

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Redis Stack-Based Buffer Overflow Vulnerability in redis-check-aof Allowing Potential Code Execution

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Redis

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating