CVE-2025-49112 — Integer Underflow (Wrap or Wraparound) in Valkey

CWE-191 — Integer Underflow (Wrap or Wraparound)20 documents8 sources

Severity

3.1LOWNVD

OSV8.8

EPSS

0.1%

top 75.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lfprojects Valkey Debian Redict Debian Redis +3 more

Timeline

PublishedJun 2

Latest updateNov 26

Description

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages7 packages

▶debiandebian/valkey< redict 7.3.5+ds-1 (forky)

▶Debianlfprojects/valkey< 8.1.1+dfsg1-2+1

▶Ubuntulfprojects/valkey< 7.2.11+dfsg1-0ubuntu0.2+1

▶CVEListV5valkey/valkey8.1.1

▶msrcmsrc/azl3_valkey_8.0.3-3_on_azure_linux_3.0

🔴Vulnerability Details

OSV

valkey vulnerabilities↗2025-11-26

▶

OSV

CVE-2025-49112: setDeferredReply in networking↗2025-06-02

▶

GHSA

GHSA-xhp4-6g9v-4xvj: setDeferredReply in networking↗2025-06-02

▶

📋Vendor Advisories

Ubuntu

Valkey vulnerabilities↗2025-11-26

▶

Microsoft

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow↗2025-06-10

▶

Red Hat

valkey: Valkey Integer Underflow Vulnerability↗2025-06-02

▶

Debian

CVE-2025-49112: redict - setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflo...↗2025

▶

🕵️Threat Intelligence

Trendmicro

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit↗2025-01-09

▶

Trendmicro

Information Stealer Pretends to be LDAPNightmare (CVE-2024-49113) PoC Exploit↗2025-01-09

▶

Trendmicro

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit↗2025-01-09

▶

Trendmicro

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit↗2025-01-09

▶

Trendmicro

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit↗2025-01-09

▶