CVE-2025-46686

CVE-2025-46686

Name

CVE-2025-46686

Description

Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the command arguments of every bulk, even when the command is skipped because of insufficient permissions. NOTE: this is disputed by the Supplier because abuse of the commands network protocol is not a violation of the Redis Security Model.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://github.com/io-no/CVE-Reports/issues/1
cve@mitre.org	https://github.com/redis/redis
	https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9

Type

URI

cve@mitre.org

https://github.com/io-no/CVE-Reports/issues/1

cve@mitre.org

https://github.com/redis/redis

https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9

CPE URI	Source package	Min version	Max version
	redis	>= 0	<= 8.0.3

CPE URI

Source package

Min version

Max version

redis

>= 0

<= 8.0.3

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
redis	edge-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.2-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.1-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.2.0-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.12-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.11-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.10-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	7.0.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.6-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-main	6.2.0-r0	None	possibly vulnerable
redis	edge-main	6.0.3-r0	None	possibly vulnerable
redis	edge-main	5.0.8-r0	None	possibly vulnerable
redis	edge-main	5.0.4-r0	None	possibly vulnerable
redis	edge-community	8.0.3-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	8.0.2-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	8.0.1-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	8.0.0-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.7-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.5-r2	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	edge-community	7.2.5-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.5-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	edge-community	7.2.4-r0	None	possibly vulnerable
redis	edge-community	7.2.2-r0	None	possibly vulnerable
redis	edge-community	7.2.1-r0	None	possibly vulnerable
redis	edge-community	7.0.12-r0	None	possibly vulnerable
redis	edge-community	7.0.8-r0	None	possibly vulnerable
redis	edge-community	7.0.6-r0	None	possibly vulnerable
redis	edge-community	7.0.5-r0	None	possibly vulnerable
redis	edge-community	7.0.4-r0	None	possibly vulnerable
redis	edge-community	6.2.7-r0	None	possibly vulnerable
redis	edge-community	6.2.6-r0	None	possibly vulnerable
redis	edge-community	6.2.5-r0	None	possibly vulnerable
redis	edge-community	6.2.4-r0	None	possibly vulnerable
redis	edge-community	6.2.0-r0	None	possibly vulnerable
redis	edge-community	6.0.3-r0	None	possibly vulnerable
redis	edge-community	5.0.8-r0	None	possibly vulnerable
redis	edge-community	5.0.4-r0	None	possibly vulnerable
redis	3.22-community	8.0.3-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	3.22-community	8.0.2-r0	None	possibly vulnerable
redis	3.22-community	8.0.0-r0	None	possibly vulnerable
redis	3.22-community	7.2.9-r0	fossdd <fossdd@pwned.life>	possibly vulnerable
redis	3.22-community	7.2.7-r0	None	possibly vulnerable
redis	3.22-community	7.2.5-r1	None	possibly vulnerable
redis	3.22-community	7.2.4-r0	None	possibly vulnerable
redis	3.22-community	7.2.2-r0	None	possibly vulnerable
redis	3.22-community	7.2.1-r0	None	possibly vulnerable
redis	3.22-community	7.0.12-r0	None	possibly vulnerable
redis	3.22-community	7.0.8-r0	None	possibly vulnerable
redis	3.22-community	7.0.6-r0	None	possibly vulnerable
redis	3.22-community	7.0.5-r0	None	possibly vulnerable
redis	3.22-community	7.0.4-r0	None	possibly vulnerable
redis	3.22-community	6.2.7-r0	None	possibly vulnerable
redis	3.22-community	6.2.6-r0	None	possibly vulnerable
redis	3.22-community	6.2.5-r0	None	possibly vulnerable
redis	3.22-community	6.2.4-r0	None	possibly vulnerable
redis	3.22-community	6.2.0-r0	None	possibly vulnerable
redis	3.22-community	6.0.3-r0	None	possibly vulnerable
redis	3.22-community	5.0.8-r0	None	possibly vulnerable
redis	3.22-community	5.0.4-r0	None	possibly vulnerable
redis	3.19-main	7.2.9-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.8-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.7-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.4-r1	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.4-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.3-r0	TBK <alpine@jjtc.eu>	possibly vulnerable
redis	3.19-main	7.2.2-r0	None	possibly vulnerable
redis	3.19-main	7.2.1-r0	None	possibly vulnerable
redis	3.19-main	7.0.12-r0	None	possibly vulnerable
redis	3.19-main	7.0.8-r0	None	possibly vulnerable
redis	3.19-main	7.0.6-r0	None	possibly vulnerable
redis	3.19-main	7.0.5-r0	None	possibly vulnerable
redis	3.19-main	7.0.4-r0	None	possibly vulnerable
redis	3.19-main	6.2.7-r0	None	possibly vulnerable
redis	3.19-main	6.2.6-r0	None	possibly vulnerable
redis	3.19-main	6.2.5-r0	None	possibly vulnerable
redis	3.19-main	6.2.4-r0	None	possibly vulnerable
redis	3.19-main	6.2.0-r0	None	possibly vulnerable
redis	3.19-main	6.0.3-r0	None	possibly vulnerable
redis	3.19-main	5.0.8-r0	None	possibly vulnerable
redis	3.19-main	5.0.4-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages