{ "threat_severity" : "Important", "public_date" : "2025-07-07T15:22:19Z", "bugzilla" : { "description" : "redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability", "id" : "2376858", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2376858" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.", "A flaw was found in Redis. This flaw allows an authenticated user to trigger an integer overflow by sending a specially crafted string, resulting in a stack or heap out-of-bounds write during hyperloglog operations. This issue potentially results in remote code execution." ], "statement" : "This flaw can only be exploited by an authenticated attacker when the Redis server has hyperloglog operations implemented, limiting the impact of this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-07-21T00:00:00Z", "advisory" : "RHSA-2025:11401", "cpe" : "cpe:/o:redhat:enterprise_linux:10.0", "package" : "valkey-0:8.0.4-1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-07-28T00:00:00Z", "advisory" : "RHSA-2025:12006", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "redis:6-8100020250716063446.489197e6" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12789", "cpe" : "cpe:/a:redhat:rhel_aus:8.4", "package" : "redis:6-8040020250801055559.522a0ee4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12789", "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4", "package" : "redis:6-8040020250801055559.522a0ee4" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12769", "cpe" : "cpe:/a:redhat:rhel_aus:8.6", "package" : "redis:6-8060020250731141235.ad008a3a" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12769", "cpe" : "cpe:/a:redhat:rhel_tus:8.6", "package" : "redis:6-8060020250731141235.ad008a3a" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12769", "cpe" : "cpe:/a:redhat:rhel_e4s:8.6", "package" : "redis:6-8060020250731141235.ad008a3a" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12768", "cpe" : "cpe:/a:redhat:rhel_tus:8.8", "package" : "redis:6-8080020250730132007.63b34585" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12768", "cpe" : "cpe:/a:redhat:rhel_e4s:8.8", "package" : "redis:6-8080020250730132007.63b34585" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-07-21T00:00:00Z", "advisory" : "RHSA-2025:11453", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "redis-0:6.2.19-1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-07-28T00:00:00Z", "advisory" : "RHSA-2025:12008", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "redis:7-9060020250716081121.9" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2025-07-31T00:00:00Z", "advisory" : "RHSA-2025:12468", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "redis-0:6.2.6-1.el9_0.4" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2025-08-01T00:00:00Z", "advisory" : "RHSA-2025:12478", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "redis-0:6.2.7-1.el9_2.4" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-08-04T00:00:00Z", "advisory" : "RHSA-2025:12524", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "redis-0:6.2.7-1.el9_4.4" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2025-08-05T00:00:00Z", "advisory" : "RHSA-2025:12892", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "redis:7-9040020250730125543.9" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Red Hat AI Inference Server", "fix_state" : "Will not fix", "package_name" : "rhaiis/vllm-cuda-rhel9", "cpe" : "cpe:/a:redhat:ai_inference_server:3" }, { "product_name" : "Red Hat AI Inference Server", "fix_state" : "Will not fix", "package_name" : "rhaiis/vllm-rocm-rhel9", "cpe" : "cpe:/a:redhat:ai_inference_server:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/de-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-24/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ansible-dev-tools-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/de-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh/rhdh-hub-rhel9", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh/rhdh-rhel9-operator", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Discovery 1", "fix_state" : "Not affected", "package_name" : "discovery/discovery-server-rhel9", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "valkey", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-amd-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-aws-nvidia-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-azure-amd-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-azure-nvidia-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-gcp-nvidia-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-intel-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/bootc-nvidia-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/gemma-2-9b-it", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/gemma-2-9b-it-fp8", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/granite-3.1-8b-lab-v2.1", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/granite-3.1-8b-starter-v2.1", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/instructlab-amd-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/instructlab-nvidia-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/modelcar-gemma-2-9b-it", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/modelcar-gemma-2-9b-it-fp8", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/modelcar-granite-3-1-8b-lab-v2-1", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI)", "fix_state" : "Not affected", "package_name" : "rhelai1/modelcar-granite-3-1-8b-starter-v2-1", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:1" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-feast-operator-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-feature-server-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-ml-pipelines-api-server-v2-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-ml-pipelines-driver-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-ml-pipelines-launcher-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-ml-pipelines-persistenceagent-v2-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "satellite/iop-advisor-engine-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-32023\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-32023\nhttps://github.com/redis/redis/commit/50188747cbfe43528d2719399a2a3c9599169445\nhttps://github.com/redis/redis/releases/tag/6.2.19\nhttps://github.com/redis/redis/releases/tag/7.2.10\nhttps://github.com/redis/redis/releases/tag/7.4.5\nhttps://github.com/redis/redis/releases/tag/8.0.3\nhttps://github.com/redis/redis/security/advisories/GHSA-rp2m-q4j6-gr43" ], "name" : "CVE-2025-32023", "mitigation" : { "value" : "Prevent users, specially unprivileged or untrusted users, to execute hyperloglog operations by using ACL to restrict hyperloglog commands.", "lang" : "en:us" }, "csaw" : false }