CVE-2025-49112

Name
CVE-2025-49112
Description
setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/redis/redis/blob/994bc96bb1744cb153392fc96bdba43eae56e17f/src/networking.c#L783
cve@mitre.org https://github.com/valkey-io/valkey/blob/daea05b1e26db29bfd1c033e27f9d519a2f8ccbb/src/networking.c#L886
cve@mitre.org https://github.com/valkey-io/valkey/pull/2101

Match rules

CPE URI Source package Min version Max version
valkey >= 0 <= 8.1.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
valkey edge-main 7.2.7-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
valkey edge-main 7.2.8-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
valkey edge-main 7.2.9-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
valkey edge-main 8.1.1-r0 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable
valkey edge-main 8.1.1-r1 Jakub Jirutka <jakub@jirutka.cz> possibly vulnerable