Severity: 7.5 HIGH
EPSS: 0.3% (top 47.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 14

Description

Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data p

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: apache/brpc < 1.14.1

Patches

Vulnerability Details (2)

CVEList: Apache bRPC: Redis Parser Remote Denial of Service | 2025-08-14
GHSA: GHSA-fgf7-x5pv-vcc3: Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1 | 2025-08-14
CVE-2025-54472 (HIGH CVSS 7.5) | Unlimited memory allocation in redi | cvebase.io