CVE-2025-46686Missing Release of Memory after Effective Lifetime in Redis

CWE-401Missing Release of Memory after Effective LifetimeCWE-789Memory Allocation with Excessive Size ValueCWE-476NULL Pointer Dereference5 documents5 sources
Severity
3.5LOWNVD
EPSS
0.0%
top 85.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
RedisDebian RedisMsrc Azl3 Kernel 6.6.47.1-1 ON Azure Linux 3.0+3 more
Timeline
PublishedJul 23

Description

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages6 packages

CVEListV5redis/redis8.0.3
debiandebian/redis

🔴Vulnerability Details

2
GHSA
GHSA-f46f-fjf4-h4m2: Redis through 72025-07-23
OSV
CVE-2025-46686: Redis through 82025-07-23

📋Vendor Advisories

2
Debian
CVE-2025-46686: redis - Redis through 8.0.3 allows memory consumption via a multi-bulk command composed ...2025
Microsoft
smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()2024-09-10
CVE-2025-46686 — Redis vulnerability | cvebase