=====================================================================
CERT-Renater Information Note No. 2025/VULN768
_____________________________________________________________________
DATE                 : 05/11/2025
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running Redis versions prior to 8.2.3.
=====================================================================

https://github.com/redis/redis/security/advisories/GHSA-jhjx-x4cf-4vm8
_____________________________________________________________________

Bug in XACKDEL may lead to stack overflow and potential RCE
Severity : High

YaacovHazan published GHSA-jhjx-x4cf-4vm8 on Nov 2, 2025

Package           : redis-server
Affected versions : >= 8.2.0
Patched versions  : 8.2.3

Description

Impact
A user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution. The problem exists in Redis 8.2 or newer.

Details
The code doesn't handle the case where the number of IDs exceeds STREAMID_STATIC_VECTOR_LEN, and skips a reallocation, which leads to a stack buffer overflow.

Workarounds
An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing the XACKDEL operation. This can be done using ACL to restrict the XACKDEL command.

Credits
The problem was reported by Google Big Sleep.

Severity
High, 7.7 / 10 (CVSS v4 base metrics)

Exploitability Metrics
  Attack Vector       : Network
  Attack Complexity   : Low
  Attack Requirements : Present
  Privileges Required : Low
  User Interaction    : None
Vulnerable System Impact Metrics
  Confidentiality : High
  Integrity       : High
  Availability    : High
Subsequent System Impact Metrics
  Confidentiality : None
  Integrity       : None
  Availability    : None
Vector : CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID     : CVE-2025-62507
Weaknesses : CWE-20, CWE-121

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44              +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41              +
+ 75013 Paris         | email : cert@support.renater.fr   +
=========================================================
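The two things an operator needs from this note are to find out whether a given instance sits in the affected range (>= 8.2.0 and < 8.2.3) and, if it does and cannot be patched immediately, to apply the ACL workaround the advisory describes. The POSIX shell script below is an added example written for this page; it is not part of the CERT-Renater note or of the Redis project. It parses the `redis_version` field from the text of Redis's `INFO server` reply (on a real host that text would come from `redis-cli INFO server`; here a constructed sample is embedded), compares it against the advisory's range, and prints the `ACL SETUSER <user> -xackdel` rule that removes the XACKDEL command from a user. The user name `appuser` is a placeholder, and the rule is printed rather than applied so the script runs offline.

```shell
#!/bin/sh
# Added example for CERT-Renater note 2025/VULN768 (GHSA-jhjx-x4cf-4vm8,
# CVE-2025-62507). Not code from the advisory or from Redis.

# Print the redis_version value from `INFO server` text read on stdin.
# CRLF line endings, as Redis emits them, are tolerated.
redis_version_from_info() {
    tr -d '\r' | sed -n 's/^redis_version:\(.*\)$/\1/p'
}

# Exit 0 (true) if the version is in the advisory's affected range:
# >= 8.2.0 and < 8.2.3 (patched in 8.2.3). Suffixes such as "-rc1" are
# dropped before comparison, so "8.2.1-rc1" is treated as 8.2.1.
redis_version_affected() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    oldifs=$IFS
    IFS=.
    set -- $v            # split "8.2.1" into positional parameters
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 8 ] && [ "$minor" -eq 2 ] && [ "$patch" -lt 3 ]
}

# Print the ACL rule implementing the advisory's workaround: remove the
# XACKDEL command from the named user (placeholder user name).
# To apply on a live instance:  acl_restrict_xackdel appuser | redis-cli
# and persist it with ACL SAVE if an aclfile is configured.
acl_restrict_xackdel() {
    printf 'ACL SETUSER %s -xackdel\n' "$1"
}

# Constructed sample of an `INFO server` reply; not captured from a real host.
SAMPLE_INFO='# Server
redis_version:8.2.1
redis_mode:standalone'

ver=$(printf '%s\n' "$SAMPLE_INFO" | redis_version_from_info)
if redis_version_affected "$ver"; then
    echo "redis $ver is in the affected range (>= 8.2.0, < 8.2.3); workaround rule:"
    acl_restrict_xackdel appuser
else
    echo "redis $ver is not in the affected range"
fi
```

Removing only `xackdel` (rather than the whole `@stream` category) keeps other stream commands available to the application; the rule is a stopgap until the instance is upgraded to 8.2.3.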